Accepted: smarty,smarty 2.6.18-1ubuntu2.1 (source,i386)

Ubuntu Installer archive at ubuntu.com
Mon Mar 24 12:55:49 GMT 2008 

Accepted:
 OK: smarty_2.6.18.orig.tar.gz
 OK: smarty_2.6.18-1ubuntu2.1.diff.gz
 OK: smarty_2.6.18-1ubuntu2.1.dsc
     -> Component: universe Section: web
 OK: smarty_2.6.18-1ubuntu2.1_all.deb

Format: 1.7
Date: Sat, 15 Mar 2008 07:09:26 +0100
Source: smarty
Binary: smarty
Architecture: all source
Version: 2.6.18-1ubuntu2.1
Distribution: gutsy-security
Urgency: low
Maintainer: Ubuntu MOTU Developers <ubuntu-motu at lists.ubuntu.com>
Changed-By: Emanuele Gentili <emgent at emanuele-gentili.com>
Description:
 smarty     - Template engine for PHP
Changes:
 smarty (2.6.18-1ubuntu2.1) gutsy-security; urgency=low
 .
   * SECURITY UPDATE: (LP: #202422)
    + libs/plugins/modifier.regex_replace.php
     - The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used
       by Serendipity (S9Y) and other products, allows attackers to call arbitrary
       PHP functions via templates, related to a '\0' character in a search string.
 .
   * References
    + http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1066
    + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
Files:
 a8872c2889a2772b0ee1689cc54d73cc 197768 web optional smarty_2.6.18-1ubuntu2.1_all.deb
 948e5b93ce80d9471e093705422b3cf8 785 web optional smarty_2.6.18-1ubuntu2.1.dsc
 40c3fb5e8553ae3ccc5bc6eddc481103 4341 web optional smarty_2.6.18-1ubuntu2.1.diff.gz
Launchpad-Bugs-Fixed: 202422
Original-Maintainer: Dimitri Fontaine <dim at tapoueh.org>

More information about the gutsy-changes mailing list