Fedora Linux 7996 Published by

A php-phpmailer6 security update has been released for Fedora 37.



[SECURITY] Fedora 37 Update: php-phpmailer6-6.8.1-1.fc37


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-f2be748f28
2023-09-07 01:42:04.670690
--------------------------------------------------------------------------------

Name : php-phpmailer6
Product : Fedora 37
Version : 6.8.1
Release : 1.fc37
URL : https://github.com/PHPMailer/PHPMailer
Summary : Full-featured email creation and transfer class for PHP
Description :
PHPMailer - A full-featured email creation and transfer class for PHP

Class Features
* Probably the world's most popular code for sending email from PHP!
* Used by many open-source projects:
WordPress, Drupal, 1CRM, SugarCRM, Yii, Joomla! and many more
* Integrated SMTP support - send without a local mail server
* Send emails with multiple To, CC, BCC and Reply-to addresses
* Multipart/alternative emails for mail clients that do not read HTML email
* Add attachments, including inline
* Support for UTF-8 content and 8bit, base64, binary, and quoted-printable
encodings
* SMTP authentication with LOGIN, PLAIN, CRAM-MD5 and XOAUTH2 mechanisms
over SSL and SMTP+STARTTLS transports
* Validates email addresses automatically
* Protect against header injection attacks
* Error messages in 47 languages!
* DKIM and S/MIME signing support
* Compatible with PHP 5.5 and later
* Namespaced to prevent name clashes
* Much more!

Autoloader: /usr/share/php/PHPMailer/PHPMailer6/autoload.php

--------------------------------------------------------------------------------
Update Information:

Minor security note * The DSN support added in 6.8.0 reflects the DSN back to
the user in an error message if it is invalid. If a DSN uses user-supplied input
(a very bad idea), it opens a distant possibility of XSS if the host app does
not escape output. In an abundance of caution, malformed DSNs are no longer
reflected in error messages. Changes * Don't reflect malformed DSNs in
error messages to avert any risk of XSS * Improve Simplified Chinese,
Sinhalese, and Norwegian translations * Don't use setAccessible in PHP >= 8.1
in tests * Avoid a deprecation notice in PHP 8.3 * Fix link in readme
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 29 2023 Remi Collet [remi@remirepo.net] - 6.8.1-1
- update to 6.8.1
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-f2be748f28' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------