Page MenuHomePhabricator
Create Task
Maniphest T154368

PHPMailer vulnerability in Extension:EmailPage
Closed, ResolvedPublic
Actions

Description

Splitting from T154209. The PHPMailer dependency must be updated to 5.2.21 due to recent vulnerability reports:

Extension:EmailPage seems to be using a vulnerable version of PHPMailer.

Related Objects
Search...

StatusSubtypeAssignedTask
Restricted Task
 ResolvedPlatonidesT154368 PHPMailer vulnerability in Extension:EmailPage

Event Timeline

awight removed awight as the assignee of this task.Dec 31 2016, 5:09 PM
awight lowered the priority of this task from Unbreak Now! to High.
awight created this task.
awight created this object with visibility "Custom Policy".
Platonides closed this task as Resolved.Apr 26 2017, 9:59 PM
Platonides claimed this task.
Platonides subscribed.

https://code.organicdesign.co.nz/extensions/tree/master/MediaWiki/EmailPage/ shows that it is using PHPMailer-5.2.21

Platonides changed the visibility from "Custom Policy" to "Public (No Login Required)".Apr 26 2017, 9:59 PM
Nad added a comment.Apr 27 2017, 1:34 AM

I've upgraded extension to version 2.4.4 using PHP Mailer 5.2.23
https://www.mediawiki.org/wiki/Extension:EmailPage

chasemp added a project: Security.Feb 10 2020, 10:55 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:15 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL