| Errata ID | 567 |
|---|---|
| Date | 2018-12-19 |
| Source package | php5 |
| Fixed in version | 5.6.39+dfsg-0+deb8u1 |
| Description | This update addresses the following issues: * imap_open() allows running arbitrary shell commands via mailbox parameter (CVE-2018-19518) * ext/imap/php_imap.c allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function. (CVE-2018-19935) |
| Additional notes | |
| CVE ID | CVE-2018-19518 CVE-2018-19935 |
| UCS Bug number | #48365 |
