[Bug 327367] [NEW] MIR: please promote smarty to Main

Jordan Mantha jordan.mantha at gmail.com
Mon Feb 9 20:58:05 UTC 2009


Public bug reported:

Binary package hint: smarty

Moodle already includes a copy of smarty and Debian has recently decided
to remove the copy and depend on the system installed version. This is
an ongoing effort to get rid of Moodle's embedded libs (see bottom of
https://wiki.ubuntu.com/EdubuntuContentServer ). Smarty has a CVE record
(http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=smarty) but the current
version doesn't seem to have any vulnerabilities. However, not
keeping/using the Moodle copy should ensure better security. Here's the
relevant Debian changelog entry:

moodle (1.8.2-2) unstable; urgency=high

  * Adopt orphaned package (closes: #494642)
  * Acknowledge security NMU (closes: #489533, #432264)
  * Add Vcs-* fields to debian/control

  Release-critical and security bugs:
 
  * Depend on smarty instead of using the embedded copy that is shipped
    with Moodle (closes: #471158, #488525, #504345)
  * Patch security bug in the embedded (and customised) copy of phpmailer
    (CVE-2007-3215, closes: #429339, #429190)
  * Patch cross-site scripting bug (CVE-2008-3326, closes: #492492)
  * Patch snoopy input sanitising (CVE-2008-4796, closes: #504235)
  * Upgrade to new LGPL version of domxml-php4-to-php5 (closes: #496069)

  Trivial bug fixes:

  * Depend on zip (closes: #408995)
  * Add mysql-client as an alternative to postgresql-client
    (closes: #417554, #469094)
  * Recommend php5-ldap (closes: #425839)
  * Delete unnecessary script with bashisms (closes: #489634)

  Lintian warnings:

  * Bump Standards-Version to 3.8.0
  * Add homepage field to debian/control
  * Remove cvsignore file
  * Remove extra license file
  * Depend on yui instead of using an embedded copy

 -- Francois Marier <francois at debian.org>  Fri, 07 Nov 2008 08:24:28 +1300

Let me know if you need anything more.

** Affects: smarty (Ubuntu)
     Importance: Undecided
         Status: New

-- 
MIR: please promote smarty to Main
https://bugs.launchpad.net/bugs/327367
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
