Summary: | www-apps/joomla: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033) | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED WONTFIX | | |
Severity: | trivial | CC: | harold, oli.huber, proxy-maint, web-apps |
Priority: | Normal | Keywords: | PMASKED |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
URL: | https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html | | |
Whiteboard: | ~2 [ebuild+/cve] | | |
Package list: | | Runtime testing required: | --- |
Bug Depends on: | | | |
Bug Blocks: | 603752 | | |
Description
Thomas Deutschmann (RETIRED)
(In reply to Harold Naparst from https://bugs.gentoo.org/show_bug.cgi?id=603752#c1)
> I am the maintainer of joomla. It is unknown whether joomla has bundled an
> affected version of PHPMailer. Please remove joomla from portage until
> further notice.

Joomla upstream has already confirmed the problem and is preparing new releases.

The version in Gentoo repository (=www-apps/joomla-3.4.8) ships PHPMailer in v5.2.9, see https://github.com/joomla/joomla-cms/blob/3.4.8/libraries/vendor/phpmailer/phpmailer/class.phpmailer.php#L34.

    # Thomas Deutschmann <whissi@gentoo.org> (17 May 2017)
    # Multiple unpatched security vulnerabilities (see bug #603756, #610696, #612650 ...)
    # Removal in 30 days.
    www-apps/joomla

    commit fe7d7445faf698a716e9f542fdc18b771fa42b6a
    Author: Michał Górny <mgorny@gentoo.org>
    AuthorDate: Sat Jun 17 10:29:26 2017
    Commit: Michał Górny <mgorny@gentoo.org>
    CommitDate: Sat Jun 17 10:39:58 2017

        www-apps/joomla: Remove last-rited pkg