Advisories ยป MGASA-2018-0136

Updated apache-commons-email packages fix security vulnerability

Publication date: 24 Feb 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-1294

Description

Apache Commons-Email, from version 1.0 to 1.4 inclusive, does not properly
validate bounce addresses. If a user of Commons-Email (typically an
application programmer) passes unvalidated input as the so-called "Bounce
Address", and that input contains line-breaks, then the email details
(recipients, contents, etc.) might be manipulated (CVE-2018-1294).
                

References

SRPMS

6/core