Bug#702710: smarty: Possible XSS bug in Smarty error messages.

2013-03-14 Thread Hideki Yamane
Hi Jan,

On Mon, 11 Mar 2013 09:16:31 -0400 (EDT) Jan Lieskovsky wrote:
> Just FYI the CVE identifier of CVE-2012-4437 has been previously
> assigned to this issue:
> http://www.openwall.com/lists/oss-security/2012/09/20/3
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437

Thank y

Bug#702710: smarty: Possible XSS bug in Smarty error messages.

2013-03-11 Thread Jan Lieskovsky
Hello,

>> https://code.google.com/p/smarty-php/source/detail?r=4660
>
> Good catch, thanks for your report :)
> And I've made a debdiff as attached.
>
>> security team
> I think it would be released as stable-proposed-updates since it has
> no CVEs, so I guess we probably say no DSAs for it.

J

Bug#702710: smarty: Possible XSS bug in Smarty error messages.

2013-03-10 Thread Hideki Yamane
Control: severity -1 important
Control: tags -1 +security

On Mon, 11 Mar 2013 01:03:42 +0900 Yoshinari Takaoka wrote:
> In upstream version Smarty 2.6.27, possible security fix is applied with the
> following patch.
> But this fix does not seem to be applied in Debian stable package 2.6.26-0.2.

Bug#702710: smarty: Possible XSS bug in Smarty error messages.

2013-03-10 Thread Yoshinari Takaoka
Package: smarty Version: 2.6.26-0.2 Severity: normal In upstream version Smarty 2.6.27, possible security fix is applied with the following patch. But this fix does not seem to be applied in Debian stable package 2.6.26-0.2. --- Smarty.class.php.orig 2009-06-18 23:47:04.0 +0900 ++