Your message dated Sat, 27 Jun 2020 19:34:23 +0000
with message-id <e1jpgal-000dg6...@fasolo.debian.org>
and subject line Bug#962827: fixed in libphp-phpmailer 6.1.6-1
has caused the Debian Bug report #962827,
regarding libphp-phpmailer: CVE-2020-13625
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
962827: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962827
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libphp-phpmailer
Version: 6.1.5-0.1
Severity: grave
Tags: security upstream
Control: found -1 6.0.6-0.1
Control: found -1 5.2.14+dfsg-2.3+deb9u1
Control: found -1 5.2.14+dfsg-2.3

Hi,

The following vulnerability was published for libphp-phpmailer.

Filing as RC severity as libphp-phpmailer currently seems to be
without a maintainer. Bullseye should ideally be released with
an active maintainer for libphp-phpmailer.

CVE-2020-13625[0]:
| PHPMailer before 6.1.6 contains an output escaping bug when the name
| of a file attachment contains a double quote character. This can
| result in the file type being misinterpreted by the receiver or any
| mail relay processing the message.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-13625
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
[1] https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
[2] https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: libphp-phpmailer
Source-Version: 6.1.6-1
Done: Paul Gevers <elb...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 962...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Gevers <elb...@debian.org> (supplier of updated libphp-phpmailer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 22 Jun 2020 20:31:41 +0200
Source: libphp-phpmailer
Architecture: source
Version: 6.1.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org>
Changed-By: Paul Gevers <elb...@debian.org>
Closes: 929548 962827
Changes:
 libphp-phpmailer (6.1.6-1) unstable; urgency=medium
 .
   * New upstream version 6.1.6
     - CVE-2020-13625 an output escaping bug when the name of a file
       attachment contains a double quote character. This can result in
       the file type being misinterpreted by the receiver or any mail
       relay processing the message (Closes: #962827)
   * Add myself as uploader
   * Drop Kevin Coyner <kcoy...@debian.org> as uploader (Closes: #929548)
   * Point Vcs-* fields to the dgit server for now as Alioth is gone

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
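
The escaping defect named in the CVE text and changelog above, shown as an added Python example; it is not code from PHPMailer or from this bug report. It assumes the unescaped header has the form `filename="<value>"`; the function names and the sample attachment name are constructed for illustration.

```python
import re

# One "; name=value" parameter: value is a bare token or a quoted-string
# in which backslash escapes the next character.
_PARAM = re.compile(r'\s*;\s*([\w*.-]+)=(?:"((?:[^"\\]|\\.)*)"|([^\s;"]+))')

def naive_param(name, value):
    """Assumed pre-fix shape: value wrapped in quotes with no escaping."""
    return f'{name}="{value}"'

def quoted_param(name, value):
    """Emit a quoted-string: escape backslash and double quote, reject CR/LF."""
    if "\r" in value or "\n" in value:
        raise ValueError("line break in header parameter value")
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    return f'{name}="{escaped}"'

def parse_params(header_value):
    """Strict receiver-side parse. Returns (params, well_formed)."""
    start = header_value.find(";")
    if start < 0:
        return {}, True
    rest, pos, params = header_value[start:], 0, {}
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if m is None:
            # Leftover text that is not a parameter: the sender did not escape.
            return params, rest[pos:].strip() == ""
        name, quoted, token = m.groups()
        if quoted is not None:
            params[name.lower()] = re.sub(r"\\(.)", r"\1", quoted)
        else:
            params[name.lower()] = token
        pos = m.end()
    return params, True

ATTACHMENT_NAME = 'Q2 "final" report.pdf'  # constructed sample file name

def demo():
    """Parse the same attachment name emitted without and with escaping."""
    bad = "attachment; " + naive_param("filename", ATTACHMENT_NAME)
    good = "attachment; " + quoted_param("filename", ATTACHMENT_NAME)
    return parse_params(bad), parse_params(good)

if __name__ == "__main__":
    for result in demo():
        print(result)
```

With the unescaped header the strict parser sees the file name end at the first inner quote, so the extension is lost and the header is flagged as malformed; the escaped header round-trips the full name.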
