Package: smarty
Severity: important
Version: 2.6.14-1
Tags: security patch

Hi,

The following SA (Secunia Advisory) id was published for Smarty.

SA32329[1]:
> A vulnerability has been reported in Smarty, which can be exploited by
> malicious people to bypass certain security restrictions.
>
> The vulnerability is caused due to an error when processing data with
> embedded variables. This can be exploited to potentially execute arbitrary
> PHP code.

The patch for Smarty_Compiler.class.php can be found at [2].

If you fix the vulnerability, please also make sure to include the SA id in the
changelog entry.

[1]http://secunia.com/Advisories/32329/
[2]http://code.google.com/p/smarty-php/source/diff?spec=svn2797&r=2797&format=side&path=/trunk/libs/Smarty_Compiler.class.php

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net
