oss-security February 2011 archive
Main Archive Page > Month Archives  > oss-security archives
oss-security: [oss-security] CVE Request -- Smarty -- {smarty.te

[oss-security] CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass

From: Jan Lieskovsky <jlieskov_at_nospam>
Date: Thu Feb 24 2011 - 21:06:50 GMT
To: "Steven M. Christey" <coley@linus.mitre.org>

Hello Josh, Steve, vendors,

   Smarty upstream has released v3.0.7 on 11-th of February 2011:
   [1] http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8

   addressing one security flaw:
   [2] http://www.smarty.net/forums/viewtopic.php?t=18815
   [3] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
   [4] http://secunia.com/advisories/43284/

Not sure this one got a CVE identifier already. If not, could you allocate one?

Thanks && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response Team