PublicDateAtUSN: 2020-06-08 17:15:00 UTC
Candidate: CVE-2020-13625
PublicDate: 2020-06-08 17:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
 https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj
 https://github.com/PHPMailer/PHPMailer/commit/c2796cb1cb99d7717290b48c4e6f32cb6c60b7b3
 https://github.com/PHPMailer/PHPMailer/releases/tag/v6.1.6
 https://ubuntu.com/security/notices/USN-4505-1
Description:
 PHPMailer before 6.1.6 contains an output escaping bug when the name of a
 file attachment contains a double quote character. This can result in the
 file type being misinterpreted by the receiver or any mail relay processing
 the message.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_libphp-phpmailer:
upstream_libphp-phpmailer: needs-triage
precise/esm_libphp-phpmailer: DNE
trusty_libphp-phpmailer: ignored (out of standard support)
trusty/esm_libphp-phpmailer: DNE
xenial_libphp-phpmailer: ignored (end of standard support, was needed)
bionic_libphp-phpmailer: released (5.2.14+dfsg-2.3+deb9u2build0.18.04.1)
eoan_libphp-phpmailer: not-affected
focal_libphp-phpmailer: not-affected
groovy_libphp-phpmailer: not-affected (6.1.6-1)
hirsute_libphp-phpmailer: not-affected (6.1.6-1)
impish_libphp-phpmailer: not-affected (6.1.6-1)
jammy_libphp-phpmailer: not-affected (6.1.6-1)
devel_libphp-phpmailer: not-affected (6.1.6-1)