Package: libphp-swiftmailer / 5.2.2-1+deb8u1

Metadata

Package: libphp-swiftmailer
Version: 5.2.2-1+deb8u1
Patches format: 3.0 (quilt)

Patch series

Patch: CVE 2016 10074.patch

File delta:
lib/classes/Swift/Transport/MailTransport.php | 52 (51 +, 1 -, 0 !)
tests/unit/Swift/Transport/MailTransportTest.php | 27 (27 +, 0 -, 0 !)
2 files changed, 78 insertions(+), 1 deletion(-)

Description: cve-2016-10074

The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer allowed
remote attackers to pass extra parameters to the mail command
and consequently execute arbitrary code via a \" (backslash double quote) in a
crafted e-mail address in the From, ReturnPath, or Sender header.

Bug-Debian: https://bugs.debian.org/849626
Bug-Upstream: https://github.com/swiftmailer/swiftmailer/issues/844