Advisories ยป MGASA-2017-0022

Updated php-phpmailer packages fix security vulnerabilities

Publication date: 27 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-10033 , CVE-2017-5223


It was discovered that PHPMailer, a popular library to send email from
PHP applications, allowed a remote attacker to execute code if they were
able to provide a crafted Sender address (CVE-2016-10033).

It was discovered that PHPMailer prior to 5.2.22 contained a local file
disclosure vulnerability if content passed to `msgHTML()` was sourced
from unfiltered user input (CVE-2017-5223).