[Kolab-devel] [issue2559] CVE-2008-1066: php-smarty needs to be upgraded
Thomas Arendsen Hein
kolab-issues at intevation.de
Wed Mar 19 17:21:30 CET 2008
New submission from Thomas Arendsen Hein <thomas at intevation.de>:
There was a security advisory for php-smarty:
CVE-2008-1066
DSA 1520-1
Debian Bug: 469492
"It was discovered that the regex module in Smarty, a PHP templating engine,
allows attackers to call arbitrary PHP functions via templates using the
regex_replace plugin by a specially crafted search string."
A "grep -r regex_replace" on CVS does not show any uses of regex_replace and on
an installed kolab server this only matches on smarty itself, but the package
should be upgraded anyway.
----------
assignedto: thomas
messages: 14162
nosy: bernhard, martin, thomas, till, wilde, wrobel
priority: minor bug
status: unread
title: CVE-2008-1066: php-smarty needs to be upgraded
topic: server
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue2559>
___________________________________________________