svn commit: r448608 - head/security/vuxml
Torsten Zuehlsdorff
tz at FreeBSD.org
Wed Aug 23 12:54:49 UTC 2017
Author: tz
Date: Wed Aug 23 12:54:48 2017
New Revision: 448608
URL: https://svnweb.freebsd.org/changeset/ports/448608
Log:
Document vulnerabilities of mail/phpmailer
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Wed Aug 23 12:50:31 2017 (r448607)
+++ head/security/vuxml/vuln.xml Wed Aug 23 12:54:48 2017 (r448608)
@@ -58,6 +58,38 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="c5d79773-8801-11e7-93f7-d43d7e971a1b">
+ <topic>phpmailer -- XSS in code example and default exeception handler</topic>
+ <affects>
+ <package>
+ <name>phpmailer</name>
+ <range><lt>5.2.24</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>PHPMailer reports:</p>
+ <blockquote cite="https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24">
+ <p>Fix XSS vulnerability in one of the code examples, CVE-2017-11503. The
+ code_generator.phps example did not filter user input prior to output. This
+ file is distributed with a .phps extension, so it it not normally executable
+ unless it is explicitly renamed, so it is safe by default. There was also an
+ undisclosed potential XSS vulnerability in the default exception handler
+ (unused by default). Patches for both issues kindly provided by Patrick
+ Monnerat of the Fedora Project.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.24</url>
+ <cvename>CVE-2017-11503</cvename>
+ </references>
+ <dates>
+ <discovery>2017-07-27</discovery>
+ <entry>2017-08-23</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3531141d-a708-477c-954a-2a0549e49ca9">
<topic>salt -- Maliciously crafted minion IDs can cause unwanted directory traversals on the Salt-master</topic>
<affects>
More information about the svn-ports-all
mailing list