Ubuntu Security Notice 4505-1 - Elar Lang discovered that PHPMailer did not properly escape double quote characters in filenames. A remote attacker could possibly exploit this with a crafted filename to bypass attachment filters that are based on matching filename extensions.
b2d484281a33a4d7727e87e97f4ad0a528c3f167a6f30c779515d02b96bffeb5