oss-sec mailing list archives
Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass
From: Josh Bressers <bressers () redhat com>
Date: Mon, 28 Feb 2011 15:39:21 -0500 (EST)
Please use CVE-2011-1028.

Thanks.

--
JB

----- Original Message -----
Hello Josh, Steve, vendors,

Smarty upstream has released v3.0.7 on 11-th of February 2011:
[1] http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8

addressing one security flaw:
[2] http://www.smarty.net/forums/viewtopic.php?t=18815
[3] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
[4] http://secunia.com/advisories/43284/

Not sure this one got a CVE identifier already. If not, could you allocate one?

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Jan Lieskovsky (Feb 24)
- Re: CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass Josh Bressers (Feb 28)