Your message dated Sat, 25 Feb 2017 19:04:35 +0000
with message-id <e1chhdz-00049q...@fasolo.debian.org>
and subject line Bug#853232: fixed in libphp-phpmailer 5.2.14+dfsg-2.3
has caused the Debian Bug report #853232,
regarding libphp-phpmailer: CVE-2017-5223
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
853232: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853232
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libphp-phpmailer
Severity: grave
Tags: security
Justification: user security hole
Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5223
for details.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 5.2.14+dfsg-2.3
We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 853...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated libphp-phpmailer package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 25 Feb 2017 19:15:08 +0100
Source: libphp-phpmailer
Binary: libphp-phpmailer
Architecture: source
Version: 5.2.14+dfsg-2.3
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
libphp-phpmailer - full featured email transfer class for PHP
Closes: 853232
Changes:
libphp-phpmailer (5.2.14+dfsg-2.3) unstable; urgency=medium
.
* Non-maintainer upload.
* Fix CVE-2017-5223:
It was discovered that there was a local file disclosure vulnerability in
libphp-phpmailer, an email transfer class for PHP, where insufficient
parsing of HTML messages could potentially be used by an attacker to read a
local file. (Closes: #853232)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---