htmgarcia
18 Jan 2017

Envato reported this vulnerability:
[screenshot]

Update to PHPMailer 5.2.22

Already reported from: https://developer.joomla.org/security-centre/668-20161205-phpmailer-security-advisory.html

Just posting here to make it a higher priority.

htmgarcia - open - 18 Jan 2017
joomla-cms-bot - change - 18 Jan 2017
Labels Added: ?
joomla-cms-bot - labeled - 18 Jan 2017
zero-24 - comment - 18 Jan 2017

Hmm, did you read the report from the JSST?
The Joomla Core is not affected by this issue, and the next update is going to fix that; see: https://github.com/joomla/joomla-cms/blob/staging/libraries/vendor/phpmailer/phpmailer/VERSION

Or do I miss something?

mbabker - comment - 18 Jan 2017

> Or do I miss something?

Nope. Pretty normal "hey, these guys issued a security release, you should do something" issue report. Happens with most repos.

Closing though. No action required, core has already updated the library.

mbabker - close - 18 Jan 2017
mbabker - change - 18 Jan 2017
Status: New → Closed
Closed_Date: 0000-00-00 00:00:00 → 2017-01-18 13:26:06
Closed_By: mbabker
htmgarcia - comment - 18 Jan 2017

Thanks @zero-24!
I missed that. Checked 3.7.0 alpha1 and didn't see that update.

@ot2sen thanks! That's a good point to consider.

@mbabker will it be included with Joomla 3.7.0?

mbabker - comment - 18 Jan 2017

Alpha 1 was tagged before the PHPMailer vulnerabilities were disclosed/patched, kinda hard to include something from the future

htmgarcia - comment - 18 Jan 2017

@mbabker I value the time you take to answer my "silly" questions; however, may you try to be a little humble when replying?

This part wasn't necessary.

> kinda hard to include something from the future
