On Mon, Dec 26, 2016 at 10:54:47AM +0100, Salvatore Bonaccorso wrote: > Source: libphp-phpmailer > Version: 5.2.9+dfsg-2 > Severity: grave > Tags: security upstream > Justification: user security hole > > Hi, > > the following vulnerability was published for libphp-phpmailer. > > CVE-2016-10033[0]: > remote code execution
Further analysis of the fix via https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc has shown that this fix might be incomplete. See http://www.openwall.com/lists/oss-security/2016/12/28/1 for further details. Regards, Salvatore
