603758 – www-apps/drupal: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)

Bug 603758 - www-apps/drupal: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)

Summary: www-apps/drupal: Remote code execution through embedded dev-php/PHPMailer (CV...

Status:	RESOLVED INVALID

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:	https://www.drupal.org/psa-2016-004
Whiteboard:
Keywords:

Depends on:
Blocks:	603752
	Show dependency tree

Reported:	2016-12-26 13:24 UTC by Thomas Deutschmann (RETIRED)
Modified:	2017-01-11 21:24 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-26 13:24:21 UTC

It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. 

Please see the information contained in the tracker bug 603752.

Comment 1 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure

2017-01-11 21:17:12 UTC

As listed in the Drupal advisory, this vulnerability doesn't affect Core, so it doesn't affect the package provided by Gentoo and only a 3rd party library.
As such, I suggest we close the bug.

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-01-11 21:24:26 UTC

Closing as invalid: Package was never affected.