603764 – <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)

Bug 603764 - <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)

Summary: <www-apps/moodle-{3.1.10, 3.2.7, 3.3.4, 3.4.1}: Remote code execution through...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~2 [noglsa]
Keywords:

Depends on:
Blocks:	603752
	Show dependency tree

Reported:	2016-12-26 13:49 UTC by Thomas Deutschmann (RETIRED)
Modified:	2018-01-25 21:33 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-26 13:49:23 UTC

It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. 

Please see the information contained in the tracker bug 603752.

Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev

2017-10-05 17:09:14 UTC

ping.

@Maintainers any news about this? Thank you

Gentoo Security Padawan
ChrisADR

Comment 2 Aaron Bauman (RETIRED) gentoo-dev

2018-01-25 21:33:59 UTC

All vulnerable versions have been removed in accordance with upstream fixes:

https://tracker.moodle.org/browse/MDL-57531

Not digging through Git logs.