Sicherheit: Ausführen beliebiger Kommandos in php-phpmailer6

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-0f5e6e9957
2018-11-27 17:11:25.740584
-------------------------------------------------------------------------------
-

Name : php-phpmailer6
Product : Fedora 28
Version : 6.0.6
Release : 1.fc28
URL : https://github.com/PHPMailer/PHPMailer
Summary : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects:
WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable
encodings
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms
over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

-------------------------------------------------------------------------------
-
Update Information:

**Version 6.0.6** * **SECURITY** Fix potential object injection
vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. *
Added Tagalog translation, thanks to StoneArtz * Added Malagache
translation,
thanks to Hackinet * Updated Serbian translation, fixed incorrect language
code, thanks to mmilanovic4 * Updated Arabic translations (MicroDroid) *
Updated Hungarian translations * Updated Dutch translations * Updated
Slovenian translation (filips123) * Updated Slovak translation (pcmanik) *
Updated Italian translation (sabas) * Updated Norwegian translation (aleskr)
* Updated Indonesian translation (mylastof) * Add constants for common
values, such as text/html and quoted-printable, and use them * Added support
for copied headers in DKIM, helping with debugging, and an option to add extra
headers to the DKIM signature. See DKIM_sign example for how to use them.
Thanks
to gwi-mmuths. * Add Campaign Monitor transaction ID pattern matcher *
Remove deprecated constant and ini values causing warnings in PHP 7.3, added
PHP
7.3 build to Travis config. * Expanded test coverage
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Nov 16 2018 Remi Collet <remi@remirepo.net> - 6.0.6-1
- update to 6.0.6
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-0f5e6e9957' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org