View Issue Details

IDProjectCategoryView StatusLast Update
0022207mantisbtsecuritypublic2017-03-30 12:05
ReporterdregadAssigned Todregad 
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Product Version1.3.5 
Target Version1.3.6Fixed in Version1.3.6 
Summary0022207: Update PHPMailer to 5.2.22
Description

Following 0022073, two additional security issues were discovered in PHPMailer.

We need to update to the latest version.

TagsNo tags attached.

Relationships

related to 0022073 closeddregad Potentially serious RCE vulnerability in bundled PHPMailer before 5.2.18 (CVE-2016-10033) 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-1.3.x 22a9aab5

2017-01-16 03:26:53

dregad

Details Diff
Update PHPMailer library to 5.2.22

Security update (CVE-2017-5223, CVE-2016-10045); see [1] for details.

Fixes 0022207

[1] https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md
mod - library/README.md Diff File
mod - library/phpmailer Diff File

MantisBT: master-2.1 385a13cb

2017-03-29 12:13:40

dregad

Details Diff
Restore PHPMailer to 5.2.22

The library was reverted to 5.2.21 by mistake in Mantis 2.1.0, see
commit d987488b8d62d267cbcfb85b72b97531d79feee6.

Issue 0022207
mod - library/phpmailer Diff File

MantisBT: master-2.2 c83fe546

2017-03-29 12:13:40

dregad

Details Diff
Restore PHPMailer to 5.2.22

The library was reverted to 5.2.21 by mistake in Mantis 2.1.0, see
commit d987488b8d62d267cbcfb85b72b97531d79feee6.

Issue 0022207
mod - library/phpmailer Diff File

Issue History

Date Modified Username Field Change
2017-01-16 03:32 dregad New Issue
2017-01-16 03:32 dregad Status new => assigned
2017-01-16 03:32 dregad Assigned To => dregad
2017-01-16 03:33 dregad Relationship added related to 0022073
2017-01-16 03:35 dregad Changeset attached => MantisBT master-1.3.x 22a9aab5
2017-01-16 03:35 dregad Status assigned => resolved
2017-01-16 03:35 dregad Resolution open => fixed
2017-01-16 03:35 dregad Fixed in Version => 1.3.6
2017-02-01 22:47 vboctor Status resolved => closed
2017-03-30 12:04 dregad Changeset attached => MantisBT master-2.1 385a13cb
2017-03-30 12:05 dregad Changeset attached => MantisBT master-2.2 c83fe546