Quoting Thijs Kinkhorst ([EMAIL PROTECTED]): > I've checked this file out in detail, and it doesn't use the vulnerable > function of this Smarty security bug. > > That means that there's no immediate security problem fortunately, but that > still leaves the problem of removing the embedded smarty code before this > package can be released. > > As only this one file uses it, either removing it from that file, or making > that file use the archive copy of smarty are acceptable solutions to this > bug.
Please note that I recently announced a possible NMU targeted at fixing longstanding l10n bugs. I have no clue about this specific bug but in case someone provides a patch, I'll be happy to include it...in case the package maintainer doesn't give news in a timely manner.
signature.asc
Description: Digital signature
