View Issue Details

IDProjectCategoryView StatusLast Update
0027003mantisbtsecuritypublic2020-08-07 20:25
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Target Version2.24.2Fixed in Version2.24.2 
Summary0027003: Update PHPMailer from 6.1.4 to 6.1.6
Description

PHPMailer 6.1.6 fixes a vulnerability : Insufficient output escaping of attachment names (CVE-2020-13625), see the advisory for details.

PR: https://github.com/mantisbt/mantisbt/pull/1676

TagsNo tags attached.

Relationships

related to 0026784 closeddregad Update PHPMailer from 6.1.4 to 6.1.5 
related to 0026475 closeddregad Update phpmailer/phpmailer from 6.1.3 to 6.1.4 
related to 0027118 resolveddregad Update PHPMailer to 6.1.7 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-2.24 2fc66610

2020-06-03 04:55:09

dregad

Details Diff
Bump phpmailer/phpmailer from 6.1.5 to 6.1.6

Includes security fix for CVE-2020-13625: Insufficient output escaping
of attachment names [1]

- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](PHPMailer/PHPMailer@v6.1.5...v6.1.6)

Fixes 0027003

[1]: https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
Affected Issues
0027003
mod - composer.lock Diff File

Issue History

Date Modified Username Field Change
2020-06-03 04:33 dregad New Issue
2020-06-03 04:33 dregad Status new => assigned
2020-06-03 04:33 dregad Assigned To => dregad
2020-06-03 04:33 dregad Issue generated from: 0026784
2020-06-03 04:33 dregad Relationship added related to 0026784
2020-06-03 04:33 dregad Relationship added related to 0026475
2020-06-03 04:40 dregad Target Version => 2.24.2
2020-06-03 04:57 dregad Changeset attached => MantisBT master-2.24 2fc66610
2020-06-03 04:57 dregad Status assigned => resolved
2020-06-03 04:57 dregad Resolution open => fixed
2020-06-03 04:57 dregad Fixed in Version => 2.24.2
2020-08-01 09:45 dregad Issue cloned: 0027118
2020-08-01 09:45 dregad Relationship added related to 0027118
2020-08-07 20:25 dregad Status resolved => closed