View Issue Details

IDProjectCategoryView StatusLast Update
0027003mantisbtsecuritypublic2020-08-07 20:25
Reporterdregad Assigned Todregad  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Target Version2.24.2Fixed in Version2.24.2 
Summary0027003: Update PHPMailer from 6.1.4 to 6.1.6
Description

PHPMailer 6.1.6 fixes a vulnerability : Insufficient output escaping of attachment names (CVE-2020-13625), see the advisory for details.

PR: https://github.com/mantisbt/mantisbt/pull/1676

TagsNo tags attached.

Relationships

related to 0026784 closeddregad Update PHPMailer from 6.1.4 to 6.1.5 
related to 0026475 closeddregad Update phpmailer/phpmailer from 6.1.3 to 6.1.4 
related to 0027118 closeddregad Update PHPMailer to 6.3.0 

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-2.24 2fc66610

2020-06-03 04:55:09

dregad

Details Diff
Bump phpmailer/phpmailer from 6.1.5 to 6.1.6

Includes security fix for CVE-2020-13625: Insufficient output escaping
of attachment names [1]

- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](PHPMailer/PHPMailer@v6.1.5...v6.1.6)

Fixes 0027003

[1]: https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
Affected Issues
0027003
mod - composer.lock Diff File