Hi,

2008/11/4 Steffen Joeris <[EMAIL PROTECTED]>:
> Hi
>
> This is what upstream uses at the moment:
> http://code.google.com/p/smarty-php/source/detail?r=2797&path=/trunk/libs/Smarty_Compiler.class.php
>
> Also this issue has been given CVE-2008-4811 and CVE-2008-4810. I am trying to
> clarify the situation with other vendors. In the meanwhile, please have a
> look at the patch. I am not sure, whether it fixes all attack vectors, maybe
> you can state your opinion as well?

As already clarified via IRC and in another email in the ML, CVE-2008-4810 is this bug report, and -4811 documents another attack vector. The address to the patch I provided in my original email fixes -4810 but doesn't fix -4811.

Should I clone the bug, or should we handle both CVEs in the same bug report? There hasn't been any news about a fix for -4811.

>
> Cheers
> Steffen
>

Cheers,
--
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

P. J. O'Rourke - "Never wear anything that panics the cat."