Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 603764

Summary: <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)
Product: Gentoo Security Reporter: Thomas Deutschmann (RETIRED) <whissi>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal CC: blueness, web-apps
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: ~2 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on:    
Bug Blocks: 603752    

Description Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-26 13:49:23 UTC 
It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. 

Please see the information contained in the tracker bug 603752.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-05 17:09:14 UTC 
ping.

@Maintainers any news about this? Thank you

Gentoo Security Padawan
ChrisADR
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-01-25 21:33:59 UTC 
All vulnerable versions have been removed in accordance with upstream fixes:

https://tracker.moodle.org/browse/MDL-57531

Not digging through Git logs.