Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 22 Oct 2014 21:53:57 +0200
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: CVE Request: smarty: secure mode bypass

Hi

Can a CVE be assigned for the following smarty issue: upstream
released new version 3.1.21:

> Smarty 3.1.21 Released Oct 18, 2014
> Smarty 3.1.21 minor bug fixes and improvements. Also following up a
> security bug fix where <script language="php"> tags still worked in
> secure mode. To note, this only affects users using Smarty in secure
> mode and exposing templates to untrusted third parties.

Changelog: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902

Debian Bugreport: https://bugs.debian.org/765920

Regards,
Salvatore

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.