~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2015-8476
PublicDate: 2015-12-16
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8476
 https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (v5.2.14)
Description:
 Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 allow
 attackers to inject arbitrary SMTP commands via CRLF sequences in an (1)
 email address to the validateAddress function in class.phpmailer.php or (2)
 SMTP command to the sendCommand function in class.smtp.php, a different
 vulnerability than CVE-2012-0796.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=807265
Priority: medium
Discovered-by: Takeshi Terada
Assigned-to:

Patches_libphp-phpmailer:
 upstream: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (v5.2.14)
upstream_libphp-phpmailer: released (5.2.14+dfsg-1)
precise_libphp-phpmailer: released (5.1-1+deb6u11build0.12.04.1)
trusty_libphp-phpmailer: released (5.1-1+deb6u11build0.14.04.1)
vivid_libphp-phpmailer: released (5.2.9+dfsg-2+deb8u1build0.15.04.1)
vivid/stable-phone-overlay_libphp-phpmailer: DNE
vivid/ubuntu-core_libphp-phpmailer: DNE
wily_libphp-phpmailer: ignored (reached end-of-life)
xenial_libphp-phpmailer: not-affected (5.2.14+dfsg-1)
devel_libphp-phpmailer: not-affected (5.2.14+dfsg-1)