oss-sec mailing list archives
CVE Request: smarty: secure mode bypass
From: Salvatore Bonaccorso <carnil () debian org>
Date: Wed, 22 Oct 2014 21:53:57 +0200
Hi Can a CVE be assigned for the following smarty issue: upstream released new version 3.1.21:
Smarty 3.1.21 Released Oct 18, 2014 Smarty 3.1.21 minor bug fixes and improvements. Also following up a security bug fix where <script language="php"> tags still worked in secure mode. To note, this only affects users using Smarty in secure mode and exposing templates to untrusted third parties.
Changelog: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902 Debian Bugreport: https://bugs.debian.org/765920 Regards, Salvatore
Current thread:
- CVE Request: smarty: secure mode bypass Salvatore Bonaccorso (Oct 22)
- Re: CVE Request: smarty: secure mode bypass cve-assign (Oct 22)