Fedora Update Notification
2021-06-26 01:00:34.124221

Name        : php-phpmailer6
Product     : Fedora 34
Version     : 6.5.0
Release     : 1.fc34
URL         : https://github.com/PHPMailer/PHPMailer
Summary     : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects:
  WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms
  over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

Update Information:

**Version 6.5.0** (June 16th, 2021)  * **SECURITY** Fixes **CVE-2021-34551**, a
complex RCE affecting Windows hosts. See SECURITY.md for details. * The fix for
this issue changes the way that language files are loaded. While they remain in
the same PHP-like format, they are processed as plain text, and any code in them
will not be run, including operations such as concatenation using the `.`
operator. * *Deprecation* The current translation file format using PHP arrays
is now deprecated; the next major version will introduce a new format. *
**SECURITY** Fixes **CVE-2021-3603** that may permit untrusted code to be run
from an address validator. See SECURITY.md for details. * The fix for this issue
includes a minor BC break: callables injected into `validateAddress`, or
indirectly through the `$validator` class property, may no longer be simple
strings. If you want to inject your own validator, provide a closure instead of
a function name. * Haraka message ID strings are now recognised

* Thu Jun 17 2021 Remi Collet  - 6.5.0-1
- update to 6.5.0

  [ 1 ] Bug #1973425 - CVE-2021-3603 php-PHPMailer: inclusion of functionality from untrusted control sphere vulnerability

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-bfc34b3d5c' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure