-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sat, 15 Mar 2008 15:10:58 +0100 Source: smarty Binary: smarty Architecture: source all Version: 2.6.18-1.1 Distribution: unstable Urgency: high Maintainer: Dimitri Fontaine <dim@tapoueh.org> Changed-By: Nico Golde <nion@debian.org> Description: smarty - Template engine for PHP Closes: 469492 Changes: smarty (2.6.18-1.1) unstable; urgency=high . * Non-maintainer upload by the Security Team. * A null character in a search string allows an attacker to call arbitrary php functions via templates. Add patch to return the string after the null in a string (CVE-2008-1066; Closes: #469492). Files: 9e8db1c79952351ca5862015430e5dd8 696 web optional smarty_2.6.18-1.1.dsc b373ab2b38d3d0f14335a22341954c1e 4001 web optional smarty_2.6.18-1.1.diff.gz 50b75a3fef40eca050c298fae9816f35 198974 web optional smarty_2.6.18-1.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFH29oSHYflSXNkfP8RAq3UAJ4kxiIQovpo5cPYZFzuJAMEKRZcfwCeLaHP 9XLB08Cg8q+r3t0oh28u5jo= =sMjS -----END PGP SIGNATURE----- Accepted: smarty_2.6.18-1.1.diff.gz to pool/main/s/smarty/smarty_2.6.18-1.1.diff.gz smarty_2.6.18-1.1.dsc to pool/main/s/smarty/smarty_2.6.18-1.1.dsc smarty_2.6.18-1.1_all.deb to pool/main/s/smarty/smarty_2.6.18-1.1_all.deb
