FEDORA-EPEL-2016-bb32162e83

security update in Fedora EPEL 7 for php-swiftmailer

Status: stable 2 years ago

Version 5.4.5 (2016-12-29)

  • SECURITY FIX: fixed CVE-2016-10074 by disallowing potentially unsafe shell characters

Prior to 5.4.5, the mail transport (Swift_Transport_MailTransport) was vulnerable to passing arbitrary shell arguments if the "From", "ReturnPath" or "Sender" header came from a non-trusted source, potentially allowing Remote Code Execution

  • deprecated the mail transport

Comments 6

This update has been submitted for testing by remi.

This update has been pushed to testing.

remi edited this update.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by remi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
unspecified
Karma
0
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Enabled
Autopush (time)
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago
modified 2 years ago

Related Bugs 2

00 #1409517 CVE-2016-10074 php-swiftmailer: Parameter injection via mail() function
00 #1409519 CVE-2016-10074 php-swiftmailer: Parameter injection via mail() function [epel-7]

Automated Test Results