*** This bug is a duplicate of bug 202422 ***
https://bugs.launchpad.net/bugs/202422
*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: smarty
References:
DSA-1520-1 (http://www.debian.org/security/2008/dsa-1520)
Quoting:
"It was discovered that the regex module in Smarty, a PHP templating engine,
allows attackers to call arbitrary PHP functions via templates using the
regex_replace plugin by a specially crafted search string."
** Affects: smarty (Ubuntu)
Importance: Undecided
Status: New
** Affects: smarty (Debian)
Importance: Unknown
Status: Unknown
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2008-1066
** Bug watch added: Debian Bug tracker #469492
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
** Also affects: smarty (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
Importance: Unknown
Status: Unknown
** This bug has been marked a duplicate of bug 202422
CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via
templates
--
[smarty] [CVE-2008-1066] arbitrary code execution
https://bugs.launchpad.net/bugs/203457
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
