PHPMailer before 6.5.0 allows remote code execution if lang_path is untrusted data and has a UNC pathname. References: https://github.com/PHPMailer/PHPMailer/blob/master/SECURITY.md https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YRMWGA4VTMXFB22KICMB7YMFZNFV3EJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FJYSOFCUBS67J3TKR74SD3C454N7VTYM/
Created php-PHPMailer tracking bugs for this issue: Affects: epel-7 [bug 1978132] Affects: fedora-33 [bug 1978130] Affects: fedora-34 [bug 1978131]