Bug 603752

Summary: [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-{10033,10045})
Product: Gentoo Security
Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
Keywords: Tracker
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
See Also: https://bugs.gentoo.org/show_bug.cgi?id=603750
https://bugs.gentoo.org/show_bug.cgi?id=603972
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 603754, 603756, 603758, 603760, 603764, 603766    
Bug Blocks:    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-26 13:14:53 UTC
See bug 603750 regarding details about the problem in dev-php/PHPMailer.

As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or has been) affected.
Comment 1 Harold Anderson 2016-12-26 17:21:43 UTC
I am the maintainer of joomla.  It is unknown whether joomla has bundled an affected version of PHPMailer.  Please remove joomla from portage until further notice.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-26 18:22:48 UTC
Please, no comments in the tracker. Feel free to post any questions/concerns in the bug of your package.
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-28 20:09:01 UTC
First fix was incomplete, see bug 603972 aka CVE-2016-10045.