Details

    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 3.1.3, 3.2.1
    • Fix Version/s: None
    • Component/s: Libraries
    • Labels:
      None
    • Affected Branches:
      MOODLE_31_STABLE, MOODLE_32_STABLE

      Description

      In MDL-57531 we fixed the recently reported security issues in PHPMailer by validating before sending to PHPMailer.

      This issue is to upgrade the library, following that mitigation of the security issue.

              Activity

              matteo Matteo Scaramuccia added a comment -

              PHPMailer 5.2.22 just released, addressing CVE-2017-5223:

              local file disclosure vulnerability if content passed to msgHTML() is sourced from unfiltered user input. Reported by Yongxiang Li of Asiasecurity. The fix for this means that calls to msgHTML() without a $basedir will not import images with relative URLs, and relative URLs containing .. will be ignored.

              The fix: https://github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402 .
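The rule quoted in the comment above, as an added PHP example (not PHPMailer or Moodle code): a hypothetical helper, `classify_image_sources()`, that reports which `<img>` sources in a message body would still be eligible for local import when the body is later passed to msgHTML(). The function name, the result labels and the sample HTML are assumptions made for illustration.

```php
<?php
// Added example, not PHPMailer or Moodle code. It applies the rule quoted in
// the comment: relative image URLs are only imported when a $basedir is given,
// and relative URLs containing ".." are ignored.

/**
 * Hypothetical helper: classify every <img src> in $html.
 * Returns an array mapping each src value to a verdict string.
 */
function classify_image_sources(string $html, string $basedir = ''): array {
    if (trim($html) === '') {
        return [];
    }
    $previous = libxml_use_internal_errors(true); // tolerate imperfect HTML
    $doc = new DOMDocument();
    $doc->loadHTML($html, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $result = [];
    foreach ($doc->getElementsByTagName('img') as $img) {
        $src = trim($img->getAttribute('src'));
        if ($src === '') {
            continue;
        }
        if (preg_match('#^(cid:|data:)#i', $src)
                || preg_match('#^([a-z][a-z0-9+.-]*:)?//#i', $src)) {
            // Not a relative URL, so never read from the local file system.
            $result[$src] = 'skipped: absolute URL, cid: or data: reference';
        } else if (strpos($src, '..') !== false) {
            $result[$src] = 'ignored: relative URL containing ..';
        } else if ($basedir === '') {
            $result[$src] = 'ignored: relative URL without $basedir';
        } else {
            $result[$src] = 'eligible: relative to $basedir';
        }
    }
    return $result;
}

// Constructed sample input, not taken from the issue.
$html = '<p><img src="pix/logo.png"><img src="../../config.php">'
      . '<img src="https://example.org/a.png"><img src="cid:abc123"></p>';

print_r(classify_image_sources($html));                   // no $basedir
print_r(classify_image_sources($html, '/var/www/mail/')); // with $basedir
```

Run against message bodies built from user-supplied content, this shows which image references depend on the caller passing a `$basedir`, which is the case to review when upgrading the library.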


                People

                • Votes: 2
                • Watchers: 5
