This bug was fixed in the package smarty - 2.6.18-1ubuntu3
---------------
smarty (2.6.18-1ubuntu3) hardy; urgency=low
* SECURITY UPDATE: (LP: #202422)
+ libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
by Serendipity (S9Y) and other products, allows attackers to call
arbitrary
PHP functions via templates, related to a '\0' character in a search
string.
* References
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
-- Emanuele Gentili <[EMAIL PROTECTED]> Sat, 15 Mar 2008
06:54:31 +0100
** Changed in: smarty (Ubuntu Hardy)
Status: Fix Committed => Fix Released
--
CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via
templates
https://bugs.launchpad.net/bugs/202422
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
