Candidate: CVE-2018-19296
PublicDate: 2018-11-16 09:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19296
 https://github.com/PHPMailer/PHPMailer/commit/f1231a9771505f4f34da060390d82eadb8448271
 https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.27
 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.0.6
Description:
 PHPMailer before 5.2.27 and 6.x before 6.0.6 is vulnerable to an object
 injection attack.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]


Patches_libphp-phpmailer:
upstream_libphp-phpmailer: released (5.2.14+dfsg-2.3+deb9u1, 5.2.14+dfsg-2.4)
precise/esm_libphp-phpmailer: DNE
trusty_libphp-phpmailer: ignored (reached end-of-life)
trusty/esm_libphp-phpmailer: DNE (trusty was needed)
xenial_libphp-phpmailer: ignored (end of standard support, was needed)
bionic_libphp-phpmailer: released (5.2.14+dfsg-2.3+deb9u1build0.18.04.1)
cosmic_libphp-phpmailer: released (5.2.14+dfsg-2.3+deb9u1build0.18.04.1)
disco_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
eoan_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
focal_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
groovy_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
hirsute_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
impish_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
jammy_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)
devel_libphp-phpmailer: not-affected (5.2.14+dfsg-2.4)