Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 603752 - [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-{10033,10045})
Summary: [TRACKER] Remote code execution through embedded dev-php/PHPMailer (CVE-2016-...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Keywords: Tracker
Depends on: 603754 603756 603758 603760 603764 603766
  Show dependency tree
Reported: 2016-12-26 13:14 UTC by Thomas Deutschmann
Modified: 2018-04-21 12:10 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Deutschmann gentoo-dev Security 2016-12-26 13:14:53 UTC
See bug 603750 regarding details about the problem in dev-php/PHPMailer.

As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected.
Comment 1 Harold Anderson 2016-12-26 17:21:43 UTC
I am the maintainer of joomla.  It is unknown whether joomla has bundled an affected version of PHPMailer.  Please remove joomla from portage until further notice.
Comment 2 Thomas Deutschmann gentoo-dev Security 2016-12-26 18:22:48 UTC
Please, no comments in the tracker. Feel free to post any questions/concerns in the bug of your package.
Comment 3 Thomas Deutschmann gentoo-dev Security 2016-12-28 20:09:01 UTC
First fix was incomplete, see bug 603972 aka CVE-2016-10045.