Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 4 Nov 2008 23:13:02 +1100
From: Steffen Joeris <steffen.joeris@...lelinux.de>
To: oss-security@...ts.openwall.com
Cc: vuln@...unia.com,
 coley@...re.org
Subject: Re: Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)

On Sun, 26 Oct 2008 12:20:54 am Robert Buchholz wrote:
> Hi,
>
> unfortunately, Secunia does not list any references for SA32329 [1].
> Apparantly, they are refering to the last three commits to
> libs/Smarty_Compiler.class.php, r2781:2797 [2].
>
> However, this issue is not fixed in 2.6.20, and I could not find a
> 2.6.20-1 release. I have no idea where this version information comes
> from.
>
> It might be worthwhile to check applications that bundle smarty, like
> tikiwiki, gallery 2 or PEAR-PhpDocumentor.
This issue has now been given CVE-2008-4810 and CVE-2008-4811. However, isn't 
CVE-2008-4811 already covered by CVE-2008-4810 or could someone please 
enlighten me?
The latest patch I can see from upstream is an additional preg_replace() and 
he kept the old one.

Cheers
Steffen


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ