Ubuntu
gallery2 package

  1. Hardy (8.04)
  2. Bug #202422
  3. Comment #12

Comment 12 for bug 202422

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

smarty (2.6.11-1ubuntu0.1) dapper-security; urgency=low

  * SECURITY UPDATE: (LP: #202422)
   + libs/plugins/modifier.regex_replace.php
    - The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
      by Serendipity (S9Y) and other products, allows attackers to call arbitrary
      PHP functions via templates, related to a '\0' character in a search string.

  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492

 -- Emanuele Gentili <email address hidden> Sat, 15 Mar 2008 07:33:32 +0100