Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Oct 2014 21:53:57 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: CVE Request: smarty: secure mode bypass

Hi

Can a CVE be assigned for the following smarty issue: upstream
released new version 3.1.21:

> Smarty 3.1.21 Released Oct 18, 2014
> Smarty 3.1.21 minor bug fixes and improvements. Also following up a
> security bug fix where <script language="php"> tags still worked in
> secure mode. To note, this only affects users using Smarty in secure
> mode and exposing templates to untrusted third parties.

Changelog: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902

Debian Bugreport: https://bugs.debian.org/765920

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ