Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CVE-2020-36326

Related Vulnerabilities: CVE-2020-36326  

Source

Debian Bug report logs - #988732
CVE-2020-36326

version graph

Package: libphp-phpmailer; Maintainer for libphp-phpmailer is Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>; Source for libphp-phpmailer is src:libphp-phpmailer (PTS, buildd, popcon).

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 18 May 2021 18:51:01 UTC

Severity: grave

Tags: security

Found in version libphp-phpmailer/6.2.0-1

Fixed in version libphp-phpmailer/6.2.0-2

Done: Paul Gevers <elbrus@debian.org>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>:
Bug#988732; Package libphp-phpmailer. (Tue, 18 May 2021 18:51:04 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>. (Tue, 18 May 2021 18:51:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2020-36326
Date: Tue, 18 May 2021 20:46:42 +0200
Package: libphp-phpmailer
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Please see
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36326

Patches:
https://github.com/PHPMailer/PHPMailer/commit/26f2848d3bbb57add5f34a467a1e3b2f9ce5cd2a (v6.4.1)
https://github.com/PHPMailer/PHPMailer/commit/7f267fb4aadfcf62e3ddc50494c469c6b9c4405a (v6.4.1)

Cheers,
	 Moritz

Reply sent to Paul Gevers <elbrus@debian.org>:
You have taken responsibility. (Tue, 18 May 2021 21:21:06 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 18 May 2021 21:21:06 GMT) (full text, mbox, link).

Message #10 received at 988732-close@bugs.debian.org (full text, mbox, reply):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 988732-close@bugs.debian.org
Subject: Bug#988732: fixed in libphp-phpmailer 6.2.0-2
Date: Tue, 18 May 2021 21:18:34 +0000
Source: libphp-phpmailer
Source-Version: 6.2.0-2
Done: Paul Gevers <elbrus@debian.org>

We believe that the bug you reported is fixed in the latest version of
libphp-phpmailer, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 988732@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Paul Gevers <elbrus@debian.org> (supplier of updated libphp-phpmailer package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 18 May 2021 21:29:05 +0200
Source: libphp-phpmailer
Architecture: source
Version: 6.2.0-2
Distribution: unstable
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Paul Gevers <elbrus@debian.org>
Closes: 988732
Changes:
 libphp-phpmailer (6.2.0-2) unstable; urgency=medium
 .
   * Add upstream patches to fix CVE-2020-36326 (Closes: #988732)
Checksums-Sha1:
 f2d75be096ab105cc292df5f33aabd6e6ab00198 1809 libphp-phpmailer_6.2.0-2.dsc
 cfc4fa72c64f457b1ebb37162fcfd6ec3d6329b3 5172 libphp-phpmailer_6.2.0-2.debian.tar.xz
Checksums-Sha256:
 2f27dc7daaf7b4d62f62e1635aafe913549e66f7f7f4ea201e28dfcd3c9b746b 1809 libphp-phpmailer_6.2.0-2.dsc
 2f1712976aed9530ca4960e681bdae0029bda108ffd41df981b0357214342bfa 5172 libphp-phpmailer_6.2.0-2.debian.tar.xz
Files:
 03d0b567bba8672a3fc9048199225a33 1809 php optional libphp-phpmailer_6.2.0-2.dsc
 9949e9d8a1bf32cafdfd85b43639d75b 5172 php optional libphp-phpmailer_6.2.0-2.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEWLZtSHNr6TsFLeZynFyZ6wW9dQoFAmCkKoUACgkQnFyZ6wW9
dQr50gf8C5sieL8wzewc+1+Qrzy1PvK5aCT2Qh4Ry+J/s0gVpErozauUTxw+dG0e
ViMJJwxiZHpxJuhipvAeYztJCRaSXpoKol+Fykd2vrSEwYItxdp3If+X87T5P86m
IpPjYuhS9Fy0YdAJdXIL1D2Asvwn47Y/zGWJmAOwn7HwkjfpiPJtFcENDEKSCCvh
3gHWvvd2236JxS8Uul2bJknj6dO/AnWUDe/9Z8WIIxAF43w5cF8jaV39AksJidQL
Op0C58Q47W/9EmdFRUSCVRXx6PormIK3TyEEq1UTvhxLmo3PE00Zocczq/dm0V3x
x64RipFBt3pbsk7WfBgLap69NeMd5g==
=Wu2u
-----END PGP SIGNATURE-----

Marked as found in versions libphp-phpmailer/6.2.0-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Wed, 19 May 2021 05:39:02 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed May 19 12:44:33 2021; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started