oss-sec mailing list archives
CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 24 Feb 2011 22:06:50 +0100
Hello Josh, Steve, vendors, Smarty upstream has released v3.0.7 on 11-th of February 2011: [1] http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8 addressing one security flaw: [2] http://www.smarty.net/forums/viewtopic.php?t=18815 [3] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt [4] http://secunia.com/advisories/43284/ Not sure this one got a CVE identifier already. If not, could you allocate one? Thanks && Regards, Jan. -- Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Jan Lieskovsky (Feb 24)
- Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Josh Bressers (Feb 28)