[Kolab-devel] [issue2559] CVE-2008-1066: php-smarty needs to be upgraded

Thomas Arendsen Hein kolab-issues at intevation.de
Wed Mar 19 17:21:30 CET 2008

New submission from Thomas Arendsen Hein <thomas at intevation.de>:

There war a security advisory for php-smarty:
DSA 1520-1
Debian Bug: 469492

"It was discovered that the regex module in Smarty, a PHP templating engine,
allows attackers to call arbitrary PHP functions via templates using the
regex_replace plugin by a specially crafted search string."

A "grep -r regex_replace" on CVS does not show any uses of regex_replace and on
an installed kolab server this only matches on smarty itself, but the package
should be upgraded anyway.

assignedto: thomas
messages: 14162
nosy: bernhard, martin, thomas, till, wilde, wrobel
priority: minor bug
status: unread
title: CVE-2008-1066: php-smarty needs to be upgraded
topic: server
Kolab issue tracker <kolab-issues at intevation.de>

More information about the devel mailing list