Fedora 25: php-PHPMailer Security Update 2016-6941d25875
Summary
Full Featured Email Transfer Class for PHP. PHPMailer features:
* Supports emails digitally signed with S/MIME encryption!
* Supports emails with multiple TOs, CCs, BCCs and REPLY-TOs
* Works on any platform.
* Supports Text & HTML emails.
* Embedded image support.
* Multipart/alternative emails for mail clients that do not read
HTML email.
* Flexible debugging.
* Custom mail headers.
* Redundant SMTP servers.
* Support for 8bit, base64, binary, and quoted-printable encoding.
* Word wrap.
* Multiple fs, string, and binary attachments (those from database,
string, etc).
* SMTP authentication.
* Tested on multiple SMTP servers: Sendmail, qmail, Postfix, Gmail,
Imail, Exchange, etc.
* Good documentation, many examples included in download.
* It's swift, small, and simple.
Update Information:
**Version 5.2.21** (December 28th 2016) * Fix missed number update in version file - no functional changes ---- **Version 5.2.20** (December 28th 2016) * **SECURITY** Critical security update for CVE-2016-10045 please update now! Thanks to [Dawid Golunski](https://legalhackers.com) and Paul Buonopane (Zenexer). ---- ** Version 5.2.19** (December 26th 2016) * Minor cleanup ** Version 5.2.18** (December 24th 2016) * **SECURITY** Critical security update for CVE-2016-10033 please update now! Thanks to [Dawid Golunski](https://legalhackers.com). * Add ability to extract the SMTP transaction ID from some common SMTP success messages * Minor documentation tweaks ** Version 5.2.17** (December 9th 2016) * This is officially the last feature release of 5.2. Security fixes only from now on; use PHPMailer 6.0! * Allow DKIM private key to be provided as a string * Provide mechanism to allow overriding of boundary and message ID creation * Improve Brazilian Portuguese, Spanish, Swedish, Romanian, and German translations * PHP 7.1 support for Travis-CI * Fix some language codes * Add security notices * Improve DKIM compatibility in older PHP versions * Improve trapping and capture of SMTP connection errors * Improve passthrough of error levels for debug output * PHPDoc cleanup
Change Log
References
[ 1 ] Bug #1409489 - CVE-2016-10033 phpmailer: Parameter injection via mail() function https://bugzilla.redhat.com/show_bug.cgi?id=1409489
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade php-PHPMailer' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html