Accepted:
OK: smarty_2.6.11.orig.tar.gz
OK: smarty_2.6.11-1ubuntu0.1.diff.gz
OK: smarty_2.6.11-1ubuntu0.1.dsc
-> Component: universe Section: web
OK: smarty_2.6.11-1ubuntu0.1_all.deb
Format: 1.7
Date: Sat, 15 Mar 2008 07:33:32 +0100
Source: smarty
Binary: smarty
Architecture: all source
Version: 2.6.11-1ubuntu0.1
Distribution: dapper-security
Urgency: low
Maintainer: Dimitri Fontaine <[EMAIL PROTECTED]>
Changed-By: Emanuele Gentili <[EMAIL PROTECTED]>
Description:
smarty - Template engine for PHP
Changes:
smarty (2.6.11-1ubuntu0.1) dapper-security; urgency=low
.
* SECURITY UPDATE: (LP: #202422)
+ libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
by Serendipity (S9Y) and other products, allows attackers to call
arbitrary
PHP functions via templates, related to a '\0' character in a search
string.
.
* References
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
Files:
3a1fb1ac4a371cd97c9eecee0e646072 181606 web optional
smarty_2.6.11-1ubuntu0.1_all.deb
a86163cb9391cb8796ee2f075bc28a6c 634 web optional smarty_2.6.11-1ubuntu0.1.dsc
5383c79f5d0c4605474b857a4c7023bf 3900 web optional
smarty_2.6.11-1ubuntu0.1.diff.gz
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes
