oss-sec mailing list archives

Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass


From: Josh Bressers <bressers () redhat com>
Date: Mon, 28 Feb 2011 15:39:21 -0500 (EST)

Please use CVE-2011-1028.

Thanks.

-- 
    JB

----- Original Message -----
Hello Josh, Steve, vendors,

Smarty upstream has released v3.0.7 on the 11th of February 2011:
[1] http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8

addressing one security flaw:
[2] http://www.smarty.net/forums/viewtopic.php?t=18815
[3] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
[4] http://secunia.com/advisories/43284/

Not sure this one got a CVE identifier already. If not, could you
allocate one?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

