Ubuntu Security Notice 5956-1 - Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM. It was discovered that PHPMailer was not properly escaping characters in certain fields of the code_generator.php example code. An attacker could possibly use this issue to conduct cross-site scripting attacks. This issue was only fixed in Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
222714e4ee696b2603d69df38c77117f2e5b2027b932d6a069bca47f30bd053c
Ubuntu Security Notice 5956-2 - USN-5956-1 fixed vulnerabilities in PHPMailer. It was discovered that the fix for CVE-2017-11503 was incomplete. This update fixes the problem. Dawid Golunski discovered that PHPMailer was not properly escaping user input data used as arguments to functions executed by the system shell. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 16.04 ESM.
80b3365b80c510d9ed0f8f67ed3b629ab7b2e844952fb217a7a549d591be9150
PHPMailer versions 5.2.21 and below suffer from a file disclosure vulnerability.
eeaeefcdff3722b2ec1cf3d9459357dc5de426bb7f1c9fb2f39b503acf3a27d4