Cross-Site Scripting in php-PHPMailer
ID: | FEDORA-2017-ab55648aa7 |
Distribution: | Fedora |
Plattformen: | Fedora 26 |
Datum: | Sa, 5. August 2017, 09:44 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11503 |
Applikationen: | PHPMailer |
Originalnachricht |
|
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2017-ab55648aa7 2017-08-04 13:51:16.705669 -------------------------------------------------------------------------------- Name : php-PHPMailer Product : Fedora 26 Version : 5.2.24 Release : 1.fc26 URL : https://github.com/PHPMailer/PHPMailer Summary : PHP email transport class with a lot of features Description : Full Featured Email Transfer Class for PHP. PHPMailer features: * Supports emails digitally signed with S/MIME encryption! * Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs * Works on any platform. * Supports Text & HTML emails. * Embedded image support. * Multipart/alternative emails for mail clients that do not read HTML email. * Flexible debugging. * Custom mail headers. * Redundant SMTP servers. * Support for 8bit, base64, binary, and quoted-printable encoding. * Word wrap. * Multiple fs, string, and binary attachments (those from database, string, etc). * SMTP authentication. * Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail, Imail, Exchange, etc. * Good documentation, many examples included in download. * It's swift, small, and simple. -------------------------------------------------------------------------------- Update Information: Update to 5.2.24: fixes XSS vulnerability CVE-2017-11503. -------------------------------------------------------------------------------- References: [ 1 ] Bug #1474418 - CVE-2017-11503 php-PHPMailer: phpmailer: XSS in code_generator.php [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1474418 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-PHPMailer' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org |