This is a follow up of our mitigation action from DRUPAL-SA-PSA-2016-004 (https://status.amazee.io/incidents/y83q2t8mm7v1
It looks like the first patch of the vulnerability CVE-2016-10033 was incomplete. We're investigation actions and waiting for the patch to become available upstream.
Please note that the patch is not available yet. We'll update this issue as soon as the patch is available.
More information can be found here: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
As amazee.io cannot mitigate this issue from an infrastructure level, we informed all our clients which have PHPmailer 5.2.19 or earlier installed to update their codebase and with that fix their issue.
If you did not receive such an information, our scripts did not find your website affected and there is probably nothing to do as of right now (even though amazee.io strongly suggests to keep all websites up to date at any time).