Date: Thu, 3 Dec 2015 16:23:13 +0000 (UTC) From: Dmitry Marakasov <amdmi3@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r402879 - head/security/vuxml Message-ID: <201512031623.tB3GNDjo056718@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: amdmi3 Date: Thu Dec 3 16:23:12 2015 New Revision: 402879 URL: https://svnweb.freebsd.org/changeset/ports/402879 Log: Document PHPmailer SMTP injection vulnerability PR: 204500 Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Thu Dec 3 14:57:25 2015 (r402878) +++ head/security/vuxml/vuln.xml Thu Dec 3 16:23:12 2015 (r402879) @@ -58,6 +58,35 @@ Notes: --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">; + <vuln vid="8a90dc87-89f9-11e5-a408-00248c0c745d"> + <topic>PHPmailer -- SMTP injection vulnerability</topic> + <affects> + <package> + <name>phpmailer</name> + <range><lt>5.2.14</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <p>PHPMailer changelog reports:</p> + <blockquote cite="https://github.com/PHPMailer/PHPMailer/blob/v5.2.14/changelog.md">; + <p>Fix vulnerability that allowed email addresses with + line breaks (valid in RFC5322) to pass to SMTP, permitting + message injection at the SMTP level. Mitigated in both + the address validator and in the lower-level SMTP class. + Thanks to Takeshi Terada.</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/PHPMailer/PHPMailer/blob/v5.2.14/changelog.md</url>; + </references> + <dates> + <discovery>2015-11-05</discovery> + <entry>2015-12-03</entry> + </dates> + </vuln> + <vuln vid="b0da85af-21a3-4c15-a137-fe9e4bc86002"> <topic>ffmpeg -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201512031623.tB3GNDjo056718>