Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits: fb02d924 by Salvatore Bonaccorso at 2018-01-14T13:56:26+01:00 One smarty3 issue fixed a long time ago in 3.0.7 upstream Actually since this is bascially a non-issue and never got a either a CVE nor a Debian BTS reference we might have removed it completely. Since bugix tracking clear now kept it as alternative choice. - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== --- a/data/CVE/list +++ b/data/CVE/list @@ -195496,10 +195496,11 @@ CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3 NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586 NOTE: http://www.exploit-db.com/exploits/16129/ CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}] - - smarty3 <unfixed> (unimportant) + - smarty3 3.0.8-1 (unimportant) - smarty <removed> (unimportant) NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815 NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989 + NOTE: https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7) NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in ...) {DSA-2167-1} View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb02d924309fb49d8187fa92260dffe359a7f9ee --- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb02d924309fb49d8187fa92260dffe359a7f9ee You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits