Fedora: FEDORA-2018-0f5e6e9957 moderate: php-phpmailer6 object injection

PHPMailer - A full-featured email creation and transfer class for PHP

Class Features

* Probably the world's most popular code for sending email from PHP!

* Used by many open-source projects:

WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more

* Integrated SMTP support - send without a local mail server

* Send emails with multiple To, CC, BCC and Reply-to addresses

* Multipart/alternative emails for mail clients that do not read HTML email

* Add attachments, including inline

* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable

encodings

* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms

over SSL and SMTP+STARTTLS transports

* Validates email addresses automatically

* Protect against header injection attacks

* Error messages in 47 languages!

* DKIM and S/MIME signing support

* Compatible with PHP 5.5 and later

* Namespaced to prevent name clashes

* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

**Version 6.0.6** * **SECURITY** Fix potential object injection

vulnerability. **CVE-2018-19296**. Reported by Sehun Oh of cyberone.kr. *

Added Tagalog translation, thanks to StoneArtz * Added Malagache translation,

thanks to Hackinet * Updated Serbian translation, fixed incorrect language

code, thanks to mmilanovic4 * Updated Arabic translations (MicroDroid) *

Updated Hungarian translations * Updated Dutch translations * Updated

Slovenian translation (filips123) * Updated Slovak translation (pcmanik) *

Updated Italian translation (sabas) * Updated Norwegian translation (aleskr)

* Updated Indonesian translation (mylastof) * Add constants for common

values, such as text/html and quoted-printable, and use them * Added support

for copied headers in DKIM, helping with debugging, and an option to add extra

headers to the DKIM signature. See DKIM_sign example for how to use them. Thanks

to gwi-mmuths. * Add Campaign Monitor transaction ID pattern matcher *

Remove deprecated constant and ini values causing warnings in PHP 7.3, added PHP

7.3 build to Travis config. * Expanded test coverage

* Fri Nov 16 2018 Remi Collet - 6.0.6-1

- update to 6.0.6

su -c 'dnf upgrade --advisory FEDORA-2018-0f5e6e9957' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/