Updated php-phpmailer packages fix CVE-2015-8476
Publication date: 24 Dec 2015Modification date: 24 Dec 2015
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8476
Description
Updated php-phpmailer package fixes security vulnerability: Takeshi Terada discovered that PHPMailer accepted addresses containing line breaks. This is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands, permitting a kind of message injection attack (CVE-2015-8476).
References
SRPMS
5/core
- php-phpmailer-5.2.14-1.mga5