[Secure-testing-commits] [Git][security-tracker-team/security-tracker][master] One smarty3 issue fixed a long time ago in 3.0.7 upstream

Salvatore Bonaccorso carnil at debian.org
Sun Jan 14 12:57:41 UTC 2018 

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fb02d924 by Salvatore Bonaccorso at 2018-01-14T13:56:26+01:00
One smarty3 issue fixed a long time ago in 3.0.7 upstream

Actually since this is bascially a non-issue and never got a either a
CVE nor a Debian BTS reference we might have removed it completely.
Since bugix tracking clear now kept it as alternative choice.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -195496,10 +195496,11 @@ CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3
 	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
 	NOTE: http://www.exploit-db.com/exploits/16129/
 CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}]
-	- smarty3 <unfixed> (unimportant)
+	- smarty3 3.0.8-1 (unimportant)
 	- smarty <removed> (unimportant)
 	NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
 	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
+	NOTE: https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7)
 	NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems
 CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in ...)
 	{DSA-2167-1}



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb02d924309fb49d8187fa92260dffe359a7f9ee

---
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/fb02d924309fb49d8187fa92260dffe359a7f9ee
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-commits/attachments/20180114/f37c623d/attachment.html>

More information about the Secure-testing-commits mailing list