[oss-security] CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass

Hello Josh, Steve, vendors,

   Smarty upstream has released v3.0.7 on 11-th of February 2011:
   [1] http://groups.google.com/group/smarty-announce/browse_thread/thread/18af294596756ac8

   addressing one security flaw:
   [2] http://www.smarty.net/forums/viewtopic.php?t=18815
   [3] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
   [4] http://secunia.com/advisories/43284/

Not sure this one got a CVE identifier already. If not, could you allocate one?

Thanks && Regards, Jan.
-- Jan iankko Lieskovsky / Red Hat Security Response Team

• This message: [ Message body ]
• Next message: Kees Cook: "[oss-security] CVE request: kernel: CAP_SYS_MODULE bypass via CAP_NET_ADMIN"
• Previous message: Josh Bressers: "Re: [oss-security] CVE Request -- logwatch: Privilege escalation due improper sanitization of special characters in log file names"
• Next in thread: Josh Bressers: "Re: [oss-security] CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass"
• Reply: Josh Bressers: "Re: [oss-security] CVE Request -- Smarty -- {smarty.template} && {smarty.currentdir} security bypass"

• Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]