Re: Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)

[Steffen Joeris <steffen.joeris () skolelinux de>]

On Sun, 26 Oct 2008 12:20:54 am Robert Buchholz wrote:
> Hi,
>
> unfortunately, Secunia does not list any references for SA32329 [1].
> Apparantly, they are refering to the last three commits to
> libs/Smarty_Compiler.class.php, r2781:2797 [2].
>
> However, this issue is not fixed in 2.6.20, and I could not find a
> 2.6.20-1 release. I have no idea where this version information comes
> from.
>
> It might be worthwhile to check applications that bundle smarty, like
> tikiwiki, gallery 2 or PEAR-PhpDocumentor.
This issue has now been given CVE-2008-4810 and CVE-2008-4811. However, isn't 
CVE-2008-4811 already covered by CVE-2008-4810 or could someone please 
enlighten me?
The latest patch I can see from upstream is an additional preg_replace() and 
he kept the old one.

Cheers
Steffen

Attachment: signature.asc
Description: This is a digitally signed message part.