Updated php-phpmailer packages fix security vulnerabilitiesPublication date: 27 Jan 2017
Affected Mageia releases : 5
CVE: CVE-2016-10033 , CVE-2017-5223
It was discovered that PHPMailer, a popular library to send email from PHP applications, allowed a remote attacker to execute code if they were able to provide a crafted Sender address (CVE-2016-10033). It was discovered that PHPMailer prior to 5.2.22 contained a local file disclosure vulnerability if content passed to `msgHTML()` was sourced from unfiltered user input (CVE-2017-5223).