A message injection vulnerability was found in php-PHPMailer affecting versions before 5.2.14, caused by line breaks allowed in addresses, which is valid in RFC5322, but allowing such addresses resulted in invalid RFC5321 SMTP commands. These addresses were allowed by the 'pcre8' validator pattern. Upstream patch: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 CVE assignment: http://seclists.org/oss-sec/2015/q4/435
Created php-PHPMailer tracking bugs for this issue: Affects: fedora-all [bug 1289094] Affects: epel-all [bug 1289095]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.