603752 – [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-{10033,10045})

Bug 603752 - [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-{10033,10045})

Summary: [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:
Keywords:	Tracker

Depends on:	603754 603756 603758 603760 603764 603766
Blocks:
	Show dependency tree

Reported:	2016-12-26 13:14 UTC by Thomas Deutschmann (RETIRED)
Modified:	2018-04-21 12:10 UTC (History)
CC List:	0 users

See Also:	CVE-2016-10033 CVE-2016-10045
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-26 13:14:53 UTC

See bug 603750 regarding details about the problem in dev-php/PHPMailer.

As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected.

Comment 1 Harold Anderson 2016-12-26 17:21:43 UTC

I am the maintainer of joomla.  It is unknown whether joomla has bundled an affected version of PHPMailer.  Please remove joomla from portage until further notice.

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-26 18:22:48 UTC

Please, no comments in the tracker. Feel free to post any questions/concerns in the bug of your package.

Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-28 20:09:01 UTC

First fix was incomplete, see bug 603972 aka CVE-2016-10045.