Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list]
Date: Tue, 4 Nov 2008 23:13:02 +1100
From: Steffen Joeris <steffen.joeris@...lelinux.de>
To: oss-security@...ts.openwall.com
Cc: vuln@...unia.com,
 coley@...re.org
Subject: Re: Regarding SA32329 (Smarty "_expand_quoted_text()" Security Bypass)

On Sun, 26 Oct 2008 12:20:54 am Robert Buchholz wrote:
> Hi,
>
> unfortunately, Secunia does not list any references for SA32329 [1].
> Apparantly, they are refering to the last three commits to
> libs/Smarty_Compiler.class.php, r2781:2797 [2].
>
> However, this issue is not fixed in 2.6.20, and I could not find a
> 2.6.20-1 release. I have no idea where this version information comes
> from.
>
> It might be worthwhile to check applications that bundle smarty, like
> tikiwiki, gallery 2 or PEAR-PhpDocumentor.
This issue has now been given CVE-2008-4810 and CVE-2008-4811. However, isn't 
CVE-2008-4811 already covered by CVE-2008-4810 or could someone please 
enlighten me?
The latest patch I can see from upstream is an additional preg_replace() and 
he kept the old one.

Cheers
Steffen


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ