Errata overview
Errata ID 567
Date 2018-12-19
Source package php5
Fixed in version 5.6.39+dfsg-0+deb8u1
This update addresses the following issues:
* imap_open() allows running arbitrary shell commands via mailbox parameter
* ext/imap/php_imap.c allows remote attackers to cause a denial of service
  (NULL pointer dereference and application crash) via an empty string in the
  message argument to the imap_mail function. (CVE-2018-19935)
Additional notes
CVE ID CVE-2018-19518
UCS Bug number #48365