oss-sec mailing list archives
Re: CVE Request: smarty: secure mode bypass
From: cve-assign () mitre org
Date: Thu, 23 Oct 2014 00:30:08 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Can a CVE be assigned for the following smarty issue: upstream released new version 3.1.21:Smarty 3.1.21 Released Oct 18, 2014 Smarty 3.1.21 minor bug fixes and improvements. Also following up a security bug fix where <script language="php"> tags still worked in secure mode. To note, this only affects users using Smarty in secure mode and exposing templates to untrusted third parties.https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902 https://bugs.debian.org/765920 {literal}<{/literal}script language=php>echo 1+1;</script>
Use CVE-2014-8350. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJUSINZAAoJEKllVAevmvmsUZMH/jStJjghvRVAX4RijuoQ5Tuk ar0fNY4h8A8x/wb/Q7yfA06//uvPJeeUz6B1kptYnq6H+quBMm4JuWZSs1dRrjDi TJVmoNx4+bPPCfbaEsZfbX59HaDLf5rtDfeq1XeV+mHX7FgmuDcImDSsAjlra+Ko 2ixpC6NZG8ii58mikQial1wWlbvguCqkZPvV4KdkXbly+CEiA4/y4AIXEbAmSZyB oyDNkZdpOHrF5FoHWIqsTOysTvQaaC0jnJbuC9wvyPaOLJS39ZgRi7pVvz7UYv/r HvLTwoPJB9UmS/DeKV2nstkk+BpRJy+JqXITvwRGNl8FAIvxfxiRJAzLAQFNzzE= =3ELY -----END PGP SIGNATURE-----
Current thread:
- CVE Request: smarty: secure mode bypass Salvatore Bonaccorso (Oct 22)
- Re: CVE Request: smarty: secure mode bypass cve-assign (Oct 22)