Ubuntu
smarty package

[smarty] [CVE-2008-1066] arbitrary code execution

Bug #203457 reported by disabled.user on 2008-03-18

This bug report is a duplicate of: Bug #202422: CVE-2008-1066 smarty allows attackers to call arbitrary PHP functions via templates. Edit Remove

254

Affects		Status	Importance	Assigned to	Milestone
	smarty (Debian)	Fix Released	Unknown	debbugs #469492
	smarty (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: smarty

References:
DSA-1520-1 (http://www.debian.org/security/2008/dsa-1520)

Quoting:
"It was discovered that the regex module in Smarty, a PHP templating engine,
allows attackers to call arbitrary PHP functions via templates using the
regex_replace plugin by a specially crafted search string."

CVE References

2008-1066

Bug Watch Updater (bug-watch-updater) on 2008-03-18

Changed in smarty:
status:	Unknown → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

Duplicate of bug #202422 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

debbugs #469492
[done important security] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntusmarty package