Date: Wed, 22 Oct 2014 21:53:57 +0200 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: CVE Request: smarty: secure mode bypass Hi Can a CVE be assigned for the following smarty issue: upstream released new version 3.1.21: > Smarty 3.1.21 Released Oct 18, 2014 > Smarty 3.1.21 minor bug fixes and improvements. Also following up a > security bug fix where <script language="php"> tags still worked in > secure mode. To note, this only affects users using Smarty in secure > mode and exposing templates to untrusted third parties. Changelog: https://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt?r=4902 Debian Bugreport: https://bugs.debian.org/765920 Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.