Sicherheit: Mehrere Probleme in php-PHPMailer

Lesezeichen hinzufügen

Name : php-PHPMailer
Product : Fedora 24
Version : 5.2.22
Release : 1.fc24
URL : https://github.com/PHPMailer/PHPMailer
Summary : PHP email transport class with a lot of features
Description :
Full Featured Email Transfer Class for PHP. PHPMailer features:

* Supports emails digitally signed with S/MIME encryption!
* Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs
* Works on any platform.
* Supports Text & HTML emails.
* Embedded image support.
* Multipart/alternative emails for mail clients that do not read
HTML email.
* Flexible debugging.
* Custom mail headers.
* Redundant SMTP servers.
* Support for 8bit, base64, binary, and quoted-printable encoding.
* Word wrap.
* Multiple fs, string, and binary attachments (those from database,
string, etc).
* SMTP authentication.
* Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail,
Imail, Exchange, etc.
* Good documentation, many examples included in download.
* It's swift, small, and simple.

-------------------------------------------------------------------------------
-
Update Information:

**Version 5.2.22** (January 5th 2017) * **SECURITY** Fix
[CVE-2017-5223](https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5223),
local file disclosure vulnerability if content passed to `msgHTML()` is sourced
from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix
for this means that calls to `msgHTML()` without a `$basedir` will not import
images with relative URLs, and relative URLs containing `..` will be ignored. *
Add simple contact form example * Emoji in test content ---- **Version
5.2.21** (December 28th 2016) * Fix missed number update in version file - no
functional changes ---- **Version 5.2.20** (December 28th 2016) *
**SECURITY** Critical security update for CVE-2016-10045 please update now!
Thanks to [Dawid Golunski](https://legalhackers.com) and Paul Buonopane
(Zenexer). ---- ** Version 5.2.19** (December 26th 2016) * Minor cleanup
** Version 5.2.18** (December 24th 2016) * **SECURITY** Critical security
update for CVE-2016-10033 please update now! Thanks to [Dawid
Golunski](https://legalhackers.com). * Add ability to extract the SMTP
transaction ID from some common SMTP success messages * Minor documentation
tweaks ** Version 5.2.17** (December 9th 2016) * This is officially the last
feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! *
Allow DKIM private key to be provided as a string * Provide mechanism to allow
overriding of boundary and message ID creation * Improve Brazilian Portuguese,
Spanish, Swedish, Romanian, and German translations * PHP 7.1 support for
Travis-CI * Fix some language codes * Add security notices * Improve DKIM
compatibility in older PHP versions * Improve trapping and capture of SMTP
connection errors * Improve passthrough of error levels for debug output *
PHPDoc cleanup
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1409489 - CVE-2016-10033 phpmailer: Parameter injection via mail()
function
https://bugzilla.redhat.com/show_bug.cgi?id=1409489
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-PHPMailer' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org