Thijs Kinkhorst wrote: > reopen 471160 > thanks > > Hi, > > I don't understand why you're closing this bug. I cannot find > information in the debdiff between the two versions that the Smarty > security bug was fixed at all. Can you clarify?
According to Gallery upstream, this bug was fixed in the 2.2.5 code tree. > Also I don't think the bug is closed at all when the tarball still > contains a verbatim copy of smarty. Embedded code copies are a policy > violation and with good reason: they are a serious problem for security > support. I'm working on removing the embedded copy of smarty but in my testing, the existing patches are not a drop in replacement for the current functionality. -- ---------------------------- Michael Schultheiss E-mail: [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
