Advisories » MGASA-2017-0257

Updated php-phpmailer packages fix security vulnerability

Publication date: 13 Aug 2017
Modification date: 13 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-11503

Description

It was discovered that php-phpmailer has a XSS vulnerability in the
"From Email Address" and "To Email Address" fields of
code_generator.php (CVE-2017-11503).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21398
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/545FEK4BT73LWYBXC2P7MQYBELWVG257/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11503

SRPMS

5/core

• php-phpmailer-5.2.24-1.mga5

6/core

• php-phpmailer-5.2.24-1.mga6