Comment 13 for bug 202422

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package smarty - 2.6.18-1ubuntu2.1

---------------
smarty (2.6.18-1ubuntu2.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #202422)
   + libs/plugins/modifier.regex_replace.php
    - The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
      by Serendipity (S9Y) and other products, allows attackers to call arbitrary
      PHP functions via templates, related to a '\0' character in a search string.

  * References
   + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
   + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492

 -- Emanuele Gentili <email address hidden> Sat, 15 Mar 2008 07:09:26 +0100