[Bug 202422] Re: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates

Launchpad Bug Tracker Mon, 24 Mar 2008 06:10:48 -0700

This bug was fixed in the package smarty - 2.6.14-1ubuntu0.7.04.1

---------------
smarty (2.6.14-1ubuntu0.7.04.1) feisty-security; urgency=low


  * SECURITY UPDATE: (LP: #202422)
   + libs/plugins/modifier.regex_replace.php
    - The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
      by Serendipity (S9Y) and other products, allows attackers to call 
arbitrary
      PHP functions via templates, related to a '\0' character in a search 
string.

  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492

 -- Emanuele Gentili <[EMAIL PROTECTED]>   Sat, 15 Mar 2008
07:21:09 +0100

-- 
CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via 
templates
https://bugs.launchpad.net/bugs/202422
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 202422] Re: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates

Reply via email to