Login-Name Passwort


Sicherheit: Cross-Site Scripting in php-PHPMailer
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in php-PHPMailer
ID: FEDORA-2017-0bc23764e7
Distribution: Fedora
Plattformen: Fedora 24
Datum: Di, 1. August 2017, 23:09
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11503


Fedora Update Notification
2017-08-01 13:45:36.991895

Name : php-PHPMailer
Product : Fedora 24
Version : 5.2.24
Release : 1.fc24
URL : https://github.com/PHPMailer/PHPMailer
Summary : PHP email transport class with a lot of features
Description :
Full Featured Email Transfer Class for PHP. PHPMailer features:

* Supports emails digitally signed with S/MIME encryption!
* Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs
* Works on any platform.
* Supports Text & HTML emails.
* Embedded image support.
* Multipart/alternative emails for mail clients that do not read
HTML email.
* Flexible debugging.
* Custom mail headers.
* Redundant SMTP servers.
* Support for 8bit, base64, binary, and quoted-printable encoding.
* Word wrap.
* Multiple fs, string, and binary attachments (those from database,
string, etc).
* SMTP authentication.
* Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail,
Imail, Exchange, etc.
* Good documentation, many examples included in download.
* It's swift, small, and simple.

Update Information:

Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503.

[ 1 ] Bug #1474418 - CVE-2017-11503 php-PHPMailer: phpmailer: XSS in
code_generator.php [fedora-all]

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-PHPMailer' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten