FEDORA-2021-ef548cb234 created by remi 6 months ago for Fedora 33
stable

Version 6.5.0 (June 16th, 2021)

  • SECURITY Fixes CVE-2021-34551, a complex RCE affecting Windows hosts. See SECURITY.md for details.
  • The fix for this issue changes the way that language files are loaded. While they remain in the same PHP-like format, they are processed as plain text, and any code in them will not be run, including operations such as concatenation using the . operator.
  • Deprecation The current translation file format using PHP arrays is now deprecated; the next major version will introduce a new format.
  • SECURITY Fixes CVE-2021-3603 that may permit untrusted code to be run from an address validator. See SECURITY.md for details.
  • The fix for this issue includes a minor BC break: callables injected into validateAddress, or indirectly through the $validator class property, may no longer be simple strings. If you want to inject your own validator, provide a closure instead of a function name.
  • Haraka message ID strings are now recognised

How to install

sudo dnf upgrade --advisory=FEDORA-2021-ef548cb234

This update has been submitted for testing by remi.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update's test gating status has been changed to 'waiting'.

6 months ago

This update's test gating status has been changed to 'ignored'.

6 months ago

This update has been pushed to testing.

6 months ago

remi edited this update.

6 months ago

This update has been submitted for stable by bodhi.

6 months ago

This update has been pushed to stable.

6 months ago

Please login to add feedback.

Metadata
Type
security
Severity
medium
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
6 months ago
in testing
6 months ago
in stable
6 months ago
modified
6 months ago
BZ#1973425 CVE-2021-3603 php-PHPMailer: inclusion of functionality from untrusted control sphere vulnerability
0
0
BZ#1973430 CVE-2021-3603 php-phpmailer6: php-PHPMailer: inclusion of functionality from untrusted control sphere vulnerability [fedora-all]
0
0

Automated Test Results