Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 603752

Summary: [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-{10033,10045})
Product: Gentoo Security Reporter: Thomas Deutschmann <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal Keywords: Tracker
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
See Also: https://bugs.gentoo.org/show_bug.cgi?id=603750
https://bugs.gentoo.org/show_bug.cgi?id=603972
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 603754, 603756, 603758, 603760, 603764, 603766    
Bug Blocks:    

Description Thomas Deutschmann gentoo-dev Security 2016-12-26 13:14:53 UTC
See bug 603750 regarding details about the problem in dev-php/PHPMailer.

As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected.
Comment 1 Harold Anderson 2016-12-26 17:21:43 UTC
I am the maintainer of joomla.  It is unknown whether joomla has bundled an affected version of PHPMailer.  Please remove joomla from portage until further notice.
Comment 2 Thomas Deutschmann gentoo-dev Security 2016-12-26 18:22:48 UTC
Please, no comments in the tracker. Feel free to post any questions/concerns in the bug of your package.
Comment 3 Thomas Deutschmann gentoo-dev Security 2016-12-28 20:09:01 UTC
First fix was incomplete, see bug 603972 aka CVE-2016-10045.