-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2306-1 [email protected] https://www.debian.org/lts/security/ Abhijith PA August 01, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libphp-phpmailer Version : 5.2.14+dfsg-2.3+deb9u2 CVE ID : CVE-2020-13625 Debian Bug : 962827 It was discovered that there was an escaping issue in libphp-phpmailer, an email generation utility class for the PHP programming language. The `Content-Type` and `Content-Disposition` headers could have permitted file attachments that bypassed attachment filters which match on filename extensions. For Debian 9 stretch, this problem has been fixed in version 5.2.14+dfsg-2.3+deb9u2. We recommend that you upgrade your libphp-phpmailer packages. For the detailed security status of libphp-phpmailer please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libphp-phpmailer Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE7xPqJqaY/zX9fJAuhj1N8u2cKO8FAl8mQ3gACgkQhj1N8u2c KO//lQ//cNjg4k7DZlsBE+ilFtDRb/KyvNJPM6UTXHOe2RkB1Pna22/b6zA+VkEd fDE/dO9gi8/pcLSGAeiUJO0kR70zAH0y/rkEGJN6RfK1lsUs9eUEoEkx/mPXuRy3 WQfElWLDLlDhsqBNPt7ml5HhuKRVpCy0kE5M/BwPsD+TyYg8Mun7+0PvcV8CTZcV 9T0FHu6BG6hPJ7zSHy5+HsOdc83e7T6YpwndGm/Dhz8EtMgMmUhA3qWKrO2vykRz Av+bqsrcsk+3Rtxn/7ERTD/LnwmiP1s0z3ZnjpB6IA/ILS44HyY5dAHf8rd6/Pvm pBUJ9M2oF2JiEhdtxt676XNcbMtYtP9Wy1l6NW+1/zmLI7ZqW0aVpzTGqWGLsFzl 8Oxw4qUTGq2URosz3Xr3qluvxNUhD7hZthUJGWqpI2pd6xKVORtPc0T2XQvUXHv1 Rzwjz7GVlRg/q0y6fcTxRiY1dco/UQbYwiGs1Se1kwf2jWEx+FKpbAOfT4oChqcj CCxQbHla/SITjaowjjSP6XP3boY+iM6tfkxHg92eoUjuFxUlG34nIrWpVbpWvILF 1FwpL8qJOZRxVAMqvb+Ah07tks+ahzrKilvTZEZlGD2ljUpKpDhDZOwG4LkCNZmn pACw9ChqLdXqtc9GdDAh9gjl/Rczh1dVfelzxm9hZK7fAfbbB0I= =2VjE -----END PGP SIGNATURE-----
