Viewing all changes in revision 10.
- Committer: Bazaar Package Importer
- Date: 2008-03-15 07:09:26 UTC
- Revision ID: james.westby@ubuntu.com-20080315070926-hmzhugqrvlg8oobt
* SECURITY UPDATE: (LP: #202422)
+ libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
by Serendipity (S9Y) and other products, allows attackers to call arbitrary
PHP functions via templates, related to a '\0' character in a search string.
* References
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
+ libs/plugins/modifier.regex_replace.php
- The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
by Serendipity (S9Y) and other products, allows attackers to call arbitrary
PHP functions via templates, related to a '\0' character in a search string.
* References
+ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
- files modified:
- debian/changelog
expand all
collapse all
added
removed
