oss-sec mailing list archives

CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass


From: Jan Lieskovsky <jlieskov () redhat com>
Date: Thu, 24 Feb 2011 22:06:50 +0100

Hello Josh, Steve, vendors,

  Smarty upstream released v3.0.7 on the 11th of February 2011:
  [1] http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8

  addressing one security flaw:
  [2] http://www.smarty.net/forums/viewtopic.php?t=18815
  [3] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
  [4] http://secunia.com/advisories/43284/

Not sure this one got a CVE identifier already. If not, could you allocate one?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

