Message-Id: <20141023043008.5B737C50B61@smtptsrv1.mitre.org>
Date: Thu, 23 Oct 2014 00:30:08 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: smarty: secure mode bypass

> Can a CVE be assigned for the following smarty issue: upstream
> released new version 3.1.21:
>
> > Smarty 3.1.21 Released Oct 18, 2014
> > Smarty 3.1.21 minor bug fixes and improvements. Also following up a
> > security bug fix where <script language="php"> tags still worked in
> > secure mode. To note, this only affects users using Smarty in secure
> > mode and exposing templates to untrusted third parties.
>
> https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902
> https://bugs.debian.org/765920
>
> {literal}<{/literal}script language=php>echo 1+1;</script>

Use CVE-2014-8350.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
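A defensive check for the pattern quoted in this message, as an added example that is not part of the original post or of Smarty's code: it scans template text for `<script language=php>` tags, including ones split with `{literal}` markers as in the quoted test case. It assumes Smarty's default `{` / `}` delimiters; the function name and the sample template are constructed for illustration.

```python
import re

# Assumption: default Smarty delimiters. {literal}/{/literal} markers emit
# their content verbatim, so deleting the markers approximates what ends up
# in the compiled template.
LITERAL_MARKERS = re.compile(r"\{/?literal\}", re.IGNORECASE)

# <script language=php>, with optional quotes, extra attributes and any case.
PHP_SCRIPT_TAG = re.compile(
    r"<\s*script\b[^>]*\blanguage\s*=\s*[\"']?php\b[\"']?[^>]*>",
    re.IGNORECASE,
)


def find_php_script_tags(template):
    """Return one finding per PHP script tag in a Smarty template source."""
    # Markers contain no newlines, so line numbers survive normalization.
    normalized = LITERAL_MARKERS.sub("", template)
    raw_lines = template.splitlines()
    findings = []
    for match in PHP_SCRIPT_TAG.finditer(normalized):
        first = normalized.count("\n", 0, match.start()) + 1
        last = normalized.count("\n", 0, match.end()) + 1
        original = "\n".join(raw_lines[first - 1:last])
        findings.append({
            "line": first,
            "tag": match.group(0),
            # Heuristic: True when the tag is only visible once the
            # {literal} markers on those source lines are removed.
            "split_by_literal": PHP_SCRIPT_TAG.search(original) is None,
        })
    return findings


# Constructed sample template; line 3 is the test case quoted in the message.
SAMPLE = """<h1>{$title}</h1>
<script type="text/javascript">var a = 1;</script>
{literal}<{/literal}script language=php>echo 1+1;</script>
<SCRIPT LANGUAGE="php">echo 2;</SCRIPT>
"""

if __name__ == "__main__":
    for finding in find_php_script_tags(SAMPLE):
        print(finding)
```
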