Package: moodle
Severity: important
Version: 1.6.3-2
Tags: security

Hi,

The following SA (Secunia Advisory) id was published for Smarty, which affects the embedded copy shipped in moodle.

SA32329[1]:
> A vulnerability has been reported in Smarty, which can be exploited by
> malicious people to bypass certain security restrictions.
>
> The vulnerability is caused due to an error when processing data with
> embedded variables. This can be exploited to potentially execute arbitrary
> PHP code.

No patch has been published yet which completely fixes the bug.

However, it would be better if moodle just depended on smarty and the include/require calls changed to use the copy provided by that package, to avoid shipping yet another embedded code copy.

If you fix the vulnerability please also make sure to include the SA id in the changelog entry.

[1]http://secunia.com/Advisories/32329/

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net