Your message dated Sat, 31 Dec 2016 21:02:32 +0000 with message-id <e1cnqnq-0009o6...@fasolo.debian.org> and subject line Bug#849365: fixed in libphp-phpmailer 5.2.9+dfsg-2+deb8u2 has caused the Debian Bug report #849365, regarding libphp-phpmailer: CVE-2016-10033 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 849365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=849365 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: libphp-phpmailer Version: 5.2.9+dfsg-2 Severity: grave Tags: security upstream Justification: user security hole Hi, the following vulnerability was published for libphp-phpmailer. CVE-2016-10033[0]: remote code execution Details though at the point of writing this bugreport are not yet available. It is fixed in the new upstream version 5.2.18. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2016-10033 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10033 Please adjust the affected versions in the BTS as needed. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: libphp-phpmailer Source-Version: 5.2.9+dfsg-2+deb8u2 We believe that the bug you reported is fixed in the latest version of libphp-phpmailer, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 849...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Thijs Kinkhorst <th...@debian.org> (supplier of updated libphp-phpmailer package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sat, 31 Dec 2016 10:44:49 +0100 Source: libphp-phpmailer Binary: libphp-phpmailer Architecture: source all Version: 5.2.9+dfsg-2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org> Changed-By: Thijs Kinkhorst <th...@debian.org> Description: libphp-phpmailer - full featured email transfer class for PHP Closes: 849365 Changes: libphp-phpmailer (5.2.9+dfsg-2+deb8u2) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix CVE-2016-10033 (and CVE-2016-10045): apply commits 4835657c 9743ff5c 833c35fe from upstream. Closes: #849365. Checksums-Sha1: 91a429e2dcb8a0209e3906f79ead7cb5f2d7e7ef 1766 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc 4378845c3167b57a38dce2c16803f022ef4df350 6988 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz cacd20630232c80e6d5af55dd0f9dd9f8826388e 130966 libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb Checksums-Sha256: 47494de87ec3b2459ad01592f07f37b85af87eea3a75d73ea39e9abbea17915f 1766 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc afa37d9654aa397fbf4fcede94675ed0742283dc7ef35166d00b3a074eb6e505 6988 libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz 59e1de75e1a4f5968fcac1bfbf48b3ad3f917f0f20e74dd78bff24bf877883b5 130966 libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb Files: bb11272cc2baf1b6e4d211d8d6f57b43 1766 php optional libphp-phpmailer_5.2.9+dfsg-2+deb8u2.dsc 425e2e355f46b7ce2bd7a5af6e16e540 6988 php optional libphp-phpmailer_5.2.9+dfsg-2+deb8u2.debian.tar.xz d4e5deb28ce38bf1a47093dab069eff2 130966 php optional libphp-phpmailer_5.2.9+dfsg-2+deb8u2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBCAAGBQJYZ3/KAAoJEFb2GnlAHawExG0H/jqZbQi0FAPN8p9FmgYCIxjh p2pZYcpjzt/306I/in5HtXcHeQkWEzhD6Opt9F6A9ow+YONu8YHeKU20Eb+Fv4k1 658KP9N01fgUCH7D3JL49205BybNUE4eBiDw53S8IZyvJNozbMmR8qBGpYxHYYbt s8YEBAakoGSC4T/+IPa2z7qb6E+MBrBoJifVhhtCsJ2ro+yluTa3iRkX21Zhc41b rB7Vi3whyHgNQ+4Bdj9UyljL0bZAV73XfgLN/dR4b6+ND7oembO5f7QQSbENJ03a FVpwRFlKCnkeY4oNNdJPrBceZgOjSBPUfqcYYPDDyvqo8tqyO6Kj5o9isWuvehg= =PzAi -----END PGP SIGNATURE-----
--- End Message ---
