Bug 26760 - php-phpmailer new security issue CVE-2020-13625
Summary: php-phpmailer new security issue CVE-2020-13625
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 7
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA7-64-OK
Keywords: advisory, has_procedure, validated_update
Depends on:
Blocks:
 
Reported: 2020-06-09 22:47 CEST by David Walser
Modified: 2020-08-01 11:26 CEST (History)
5 users

See Also:
Source RPM: php-phpmailer-6.0.6-5.mga8.src.rpm
CVE:
Status comment:



Description David Walser 2020-06-09 22:47:00 CEST
Fedora has issued an advisory on June 7:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OBRDMEV3CB44CAAF5BOHFNV23JVRO6PZ/

The issue is fixed upstream in 6.1.6:
https://github.com/PHPMailer/PHPMailer/security/advisories/GHSA-f7hx-fqxw-rvvj

Mageia 7 is also affected.
David Walser 2020-06-09 22:47:17 CEST

Whiteboard: (none) => MGA7TOO

Comment 1 Mike Rambo 2020-06-11 18:47:07 CEST
Updated package uploaded for cauldron and Mageia 7.

Advisory:
========================

Updated php-phpmailer package fixes security vulnerability:

Fix insufficient output escaping bug in file attachment names (CVE-2020-13625).


References:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OBRDMEV3CB44CAAF5BOHFNV23JVRO6PZ/
https://github.com/advisories/GHSA-f7hx-fqxw-rvvj
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13625
========================

Updated packages in core/updates_testing:
========================
php-phpmailer-6.1.6-1.mga7.noarch.rpm

from php-phpmailer-6.1.6-1.mga7.src.rpm


Test procedure: https://bugs.mageia.org/show_bug.cgi?id=20069#c9

CC: (none) => mrambo
Whiteboard: MGA7TOO => (none)
Version: Cauldron => 7
Assignee: bugsquad => qa-bugs
Keywords: (none) => has_procedure

Comment 2 PC LX 2020-07-12 18:25:55 CEST
Installed and tested OK.


Tested using several production-level PHP scripts and no issues were noticed.
Also tested using the minimal test PHP script below.


System: Mageia 7, x86_64, PHP 7.3.19, Intel CPU.

$ uname -a
Linux marte 5.6.14-desktop-2.mga7 #1 SMP Wed May 20 23:14:20 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q php-phpmailer
php-phpmailer-6.1.6-1.mga7
$ php --version
PHP 7.3.19 (cli) (built: Jun 19 2020 09:13:44) ( NTS )
Copyright (c) 1997-2018 The PHP Group
Zend Engine v3.3.19, Copyright (c) 1998-2018 Zend Technologies
$ rpm -qa | grep php | sort
apache-mod_php-7.3.19-2.mga7
lib64php_common7-7.3.19-2.mga7
php-bz2-7.3.19-2.mga7
php-channel-phpunit-1.3-16.mga7
php-cli-7.3.19-2.mga7
php-ctype-7.3.19-2.mga7
php-curl-7.3.19-2.mga7
php-dom-7.3.19-2.mga7
php-exif-7.3.19-2.mga7
php-fileinfo-7.3.19-2.mga7
php-filter-7.3.19-2.mga7
php-fpm-7.3.19-2.mga7
php-ftp-7.3.19-2.mga7
php-gd-7.3.19-2.mga7
php-gettext-7.3.19-2.mga7
php-hash-7.3.19-2.mga7
php-iconv-7.3.19-2.mga7
php-imagick-3.4.4-1.mga7
php-ini-7.3.19-2.mga7
php-intl-7.3.19-2.mga7
php-json-7.3.19-2.mga7
php-ldap-7.3.19-2.mga7
php-mbstring-7.3.19-2.mga7
phpmyadmin-4.9.5-1.mga7
php-mysqli-7.3.19-2.mga7
php-mysqlnd-7.3.19-2.mga7
php-openssl-7.3.19-2.mga7
php-pdo-7.3.19-2.mga7
php-pdo_mysql-7.3.19-2.mga7
php-pdo_sqlite-7.3.19-2.mga7
php-pear-1.10.9-1.mga7
php-pear-Auth_SASL-1.1.0-1.mga7
php-pear-channel-horde-1.0-21.mga7
php-pear-channel-symfony2-1.0-7.mga7
php-pear-Console_Color2-0.1.2-7.mga7
php-pear-Console_CommandLine-1.2.2-2.mga7
php-pear-Console_Getargs-1.4.0-2.mga7
php-pear-Console_Table-1.3.1-2.mga7
php-pear-Crypt_GPG-1.6.3-1.mga7
php-pear-DbUnit-1.3.1-6.mga7
php-pear-Event_Dispatcher-1.1.0-10.mga7
php-pear-File_Find-1.3.3-5.mga7
php-pear-File_Iterator-1.3.4-6.mga7
php-pear-HTML_Common-1.2.5-9.mga7
php-pear-HTML_CSS-1.5.4-12.mga7
php-pear-HTML_Table-1.8.4-2.mga7
php-pear-HTTP_Request2-2.3.0-2.mga7
php-pear-Mail_Mime-1.10.2-2.mga7
php-pear-Net_IDNA2-0.2.0-2.mga7
php-pear-Net_LDAP2-2.2.0-1.mga7
php-pear-Net_Sieve-1.4.4-1.mga7
php-pear-Net_SMTP-1.8.1-1.mga7
php-pear-Net_Socket-1.2.2-2.mga7
php-pear-Net_URL2-2.2.1-2.mga7
php-pear-PEAR_PackageFileManager-1.7.2-2.mga7
php-pear-PEAR_PackageFileManager2-1.0.4-6.mga7
php-pear-PEAR_PackageFileManager_Plugins-1.0.4-2.mga7
php-pear-PHP_CodeCoverage-1.2.17-6.mga7
php-pear-PHP_CompatInfo-1.9.0-13.mga7
php-pear-PHP_Invoker-1.1.3-6.mga7
php-pear-PHP_Timer-1.0.5-6.mga7
php-pear-PHP_TokenStream-1.2.2-5.mga7
php-pear-PHPUnit-3.7.34-4.mga7
php-pear-PHPUnit_MockObject-1.2.3-6.mga7
php-pear-PHPUnit_Selenium-1.3.3-6.mga7
php-pear-PHPUnit_Story-1.0.2-6.mga7
php-pear-Services_W3C_CSSValidator-0.2.3-7.mga7
php-pear-Symfony2_Yaml-2.4.4-5.mga7
php-pear-Text_Diff-1.2.2-2.mga7
php-pear-Text_Template-1.2.0-5.mga7
php-pear-XML_Parser-1.3.7-2.mga7
php-pear-XML_Serializer-0.21.0-2.mga7
php-phpmailer-6.1.6-1.mga7
php-posix-7.3.19-2.mga7
php-session-7.3.19-2.mga7
php-sockets-7.3.19-2.mga7
php-sysvsem-7.3.19-2.mga7
php-sysvshm-7.3.19-2.mga7
php-tokenizer-7.3.19-2.mga7
php-xml-7.3.19-2.mga7
php-xmlreader-7.3.19-2.mga7
php-xmlwriter-7.3.19-2.mga7
php-zip-7.3.19-2.mga7
php-zlib-7.3.19-2.mga7



=======BEGIN mailtest.php
<?php

require "PHPMailer.php";
require "Exception.php";
require "SMTP.php";

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\SMTP;

//////////////////
/// Set these variables to something appropriate for your email SMTP account.
$SMTP_HOST = "";
$SMTP_USERNAME = "";
$SMTP_PASSWORD = "";
$FROM_EMAIL = "";
$FROM_NAME = "";
$REPLY_EMAIL = "";
$REPLY_NAME = "";
/// Recipient passed to addAddress() below.
$TO_EMAIL = "";
$TO_NAME = "";
//////////////

$mail = new PHPMailer;
$mail->Mailer = "smtp";
$mail->Host = $SMTP_HOST;
$mail->Username = $SMTP_USERNAME;
$mail->Password = $SMTP_PASSWORD;
$mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
$mail->SMTPAuth = true;
$mail->AuthType = "PLAIN";
$mail->SMTPDebug = SMTP::DEBUG_LOWLEVEL;
$mail->setFrom($FROM_EMAIL, $FROM_NAME);
$mail->addReplyTo($REPLY_EMAIL, $REPLY_NAME);
$mail->addAddress($TO_EMAIL, $TO_NAME);
$mail->Subject = 'PHPMailer mail() test';
// contents.html and image.png are expected next to this script.
$mail->msgHTML(file_get_contents('contents.html'), __DIR__);
$mail->AltBody = 'This is a plain-text message body';
$mail->addAttachment('image.png');
if (!$mail->send()) {
    echo 'Mailer Error: '. $mail->ErrorInfo;
} else {
    echo 'Message sent!';
}

?>
=======END mailtest.php

CC: (none) => mageia
Whiteboard: (none) => MGA7-64-OK
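A check for the escaping fix named in the advisory in Comment 1, added here as an example that is not part of this bug report or of PHPMailer's own code: it builds a message with a constructed attachment name containing a double quote and verifies that the generated Content-Type and Content-Disposition headers keep the name inside one well-formed quoted-string. It assumes PHPMailer.php and Exception.php are on the include path, as in the mailtest.php above; the addresses are placeholders and nothing is sent.

```php
<?php
// Added verification script (not from the bug report or from PHPMailer):
// builds a message with an attachment name containing a double quote and
// checks that the generated MIME parameter headers stay well-formed.
// Assumes PHPMailer.php and Exception.php are on the include path.
require "PHPMailer.php";
require "Exception.php";

use PHPMailer\PHPMailer\PHPMailer;

// RFC 2045 parameter syntax: the value is either a bare token (no tspecials)
// or a single "..." quoted-string in which every embedded quote is
// backslash-escaped and nothing follows the closing quote.
function attachmentParamWellFormed(string $line): bool
{
    $token  = '[^\s;"()<>@,:\\\\\/\[\]?=]+';
    $quoted = '"(?:[^"\\\\]|\\\\.)*"';
    return (bool) preg_match(
        '/^Content-(?:Type|Disposition): [^;]+; (?:file)?name=(?:' . $token . '|' . $quoted . ')\s*$/',
        $line
    );
}

// Constructed attachment name: a double quote is the character the 6.1.6 escaping fix covers.
$name = 'report".txt';

$mail = new PHPMailer(true);                         // throw on errors
$mail->setFrom('sender@example.com', 'Sender');      // placeholder addresses
$mail->addAddress('recipient@example.com', 'Recipient');
$mail->Subject = 'CVE-2020-13625 attachment-name escaping check';
$mail->Body = 'Escaping check for attachment names.';
$mail->addStringAttachment('constructed attachment body', $name);

// preSend() assembles headers and MIME body without delivering anything.
$mail->preSend();
$mime = $mail->getSentMIMEMessage();

$ok = true;
foreach (preg_split('/\r\n|\n/', $mime) as $line) {
    if (!preg_match('/^Content-(?:Type|Disposition):.*name=/', $line)) {
        continue;                                    // only the attachment's parameter headers
    }
    $pass = attachmentParamWellFormed($line);
    $ok = $ok && $pass;
    printf("%s  %s\n", $pass ? 'OK  ' : 'FAIL', $line);
}
exit($ok ? 0 : 1);
```

A non-zero exit status means a header still contains the quote unescaped, i.e. the parameter value ends early and the remainder of the name spills out of the quoted-string.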

Comment 3 Thomas Andrews 2020-07-13 12:41:03 CEST
Validating. Advisory in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2020-07-31 11:16:43 CEST

Keywords: (none) => advisory
CC: (none) => davidwhodgins

Comment 4 Dave Hodgins 2020-08-01 01:36:33 CEST
srpm in advisory on svn fixed.

Comment 5 Mageia Robot 2020-08-01 11:26:24 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0313.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

