Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 603758

Summary: www-apps/drupal: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: normal CC: web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.drupal.org/psa-2016-004
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 603752    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-26 13:24:21 UTC 
It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. 

Please see the information contained in the tracker bug 603752.
Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2017-01-11 21:17:12 UTC 
As listed in the Drupal advisory, this vulnerability doesn't affect Core, so it doesn't affect the package provided by Gentoo and only a 3rd party library.
As such, I suggest we close the bug.
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-11 21:24:26 UTC 
Closing as invalid: Package was never affected.