Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200811042313.06873.steffen.joeris@skolelinux.de>
Date: Tue, 4 Nov 2008 23:13:02 +1100
From: Steffen Joeris <steffen.joeris@...lelinux.de>
To: oss-security@...ts.openwall.com
Cc: vuln@...unia.com,
 coley@...re.org
Subject: Re: Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)

On Sun, 26 Oct 2008 12:20:54 am Robert Buchholz wrote:
> Hi,
>
> unfortunately, Secunia does not list any references for SA32329 [1].
> Apparantly, they are refering to the last three commits to
> libs/Smarty_Compiler.class.php, r2781:2797 [2].
>
> However, this issue is not fixed in 2.6.20, and I could not find a
> 2.6.20-1 release. I have no idea where this version information comes
> from.
>
> It might be worthwhile to check applications that bundle smarty, like
> tikiwiki, gallery 2 or PEAR-PhpDocumentor.
This issue has now been given CVE-2008-4810 and CVE-2008-4811. However, isn't 
CVE-2008-4811 already covered by CVE-2008-4810 or could someone please 
enlighten me?
The latest patch I can see from upstream is an additional preg_replace() and 
he kept the old one.

Cheers
Steffen


Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.