603766 – <www-apps/ampache-3.8.3: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)

Bug 603766 - <www-apps/ampache-3.8.3: Remote code execution through embedded dev-php/PHPMailer (CVE-2016-10033)

Summary: <www-apps/ampache-3.8.3: Remote code execution through embedded dev-php/PHPMa...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://github.com/ampache/ampache/is...
Whiteboard:	B3 [noglsa cve]
Keywords:

Depends on:
Blocks:	603752
	Show dependency tree

Reported:	2016-12-26 13:58 UTC by Thomas Deutschmann (RETIRED)
Modified:	2017-07-08 13:45 UTC (History)
CC List:	1 user (show)

See Also:
Package list:	www-apps/ampache-3.8.3
Runtime testing required:	---

Flags:	stable-bot: sanity-check+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-26 13:58:32 UTC

It is suspected that this package is vulnerable to a security vulnerability via embedded dev-php/PHPMailer. As such we ask maintainers with packages suspected to be vulnerable to verify if the package is (or have been) affected. 

Please see the information contained in the tracker bug 603752.

Comment 1 Kristian Fiskerstrand (RETIRED) gentoo-dev

2016-12-26 18:29:52 UTC

Reported upstream in ${URL}

Comment 2 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-06-25 18:20:28 UTC

The updated version was published some days ago, so bumped:

commit 6e742115c483e4dcb2e2f53da27d4e87364cdc93 (HEAD -> master, origin/master, origin/HEAD)
Author: Kristian Fiskerstrand <k_f@gentoo.org>
Date:   Sun Jun 25 20:18:45 2017 +0200

    www-apps/ampache: New upstream version 3.8.3
    
    Gentoo-Bug: 603766
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.1

Comment 3 Agostino Sarubbo gentoo-dev

2017-06-28 13:19:32 UTC

amd64 stable

Comment 4 Agostino Sarubbo gentoo-dev

2017-06-30 11:10:22 UTC

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev

2017-07-08 13:29:48 UTC

GLSA Vote: No!

@ Maintainer(s): Please cleanup and drop <www-apps/ampache-3.8.3!

Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev

2017-07-08 13:45:44 UTC

commit ae50861d8715e275725568f7b1b5fb033a8035d4 (HEAD -> master, origin/master, origin/HEAD)
Author: Kristian Fiskerstrand <k_f@gentoo.org>
Date:   Sat Jul 8 15:43:13 2017 +0200

    www-apps/ampache: Cleanup old
    
    Gentoo-Bug: 603766
    
    Package-Manager: Portage-2.3.6, Repoman-2.3.1