mahara-contributors team mailing list archive

Thread
Date

[Bug 1652995] Re: Phpmailer security update (v5.2.21)

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: "Javier J. Salmeron Garcia" <1652995@xxxxxxxxxxxxxxxxxx>
Date: Mon, 09 Jan 2017 11:21:54 -0000
Reply-to: Bug 1652995 <1652995@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hi,

I see that you use Zend_Mail in some parts of the code. Zend Mail is
also affeted by the security issue: pwnscriptum.com. Could you confirm
if the application is vulnerable?

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1652995

Title:
  Phpmailer security update (v5.2.21)

Status in Mahara:
  Fix Committed
Status in Mahara 15.04 series:
  Fix Released
Status in Mahara 15.10 series:
  Fix Released
Status in Mahara 16.04 series:
  Fix Released
Status in Mahara 16.10 series:
  Fix Released

Bug description:
  PHPMailer just released fixes for some serious security issues. For
  more details, see https://github.com/PHPMailer/PHPMailer/wiki/About-
  the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities

  
  Not sure to what extent Mahara might be affected, but would suggest to upgrade all supported branches.

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1652995/+subscriptions