-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 16 Mar 2008 11:49:56 +0100 Source: smarty Binary: smarty Architecture: source all Version: 2.6.14-1etch1 Distribution: stable-security Urgency: high Maintainer: Dimitri Fontaine <dim@tapoueh.org> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: smarty - Template engine for PHP Closes: 469492 Changes: smarty (2.6.14-1etch1) stable-security; urgency=high . * Non-maintainer upload by the security team. * A \0 character in a search string could be abused to call arbitrary PHP functions via templates. CVE-2008-1066, closes: #469492 Files: fa71b68819fe520b5616eec683276fdf 950 web optional smarty_2.6.14-1etch1.dsc 9186796ddbc29191306338dea9d632a0 144986 web optional smarty_2.6.14.orig.tar.gz 8544db24358f72e091898f45c9fbc961 3814 web optional smarty_2.6.14-1etch1.diff.gz d2c9b4a558a052ab1c96bbdadfedafa5 184654 web optional smarty_2.6.14-1etch1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9z8L2z0hbPcukPfAQJMywgAq9k4FZMsIIYMjV6RVAAIzcjJhu7oFGQ5 ddSSV5jT5K0NzSdFEm6keDU2mYuRsDCJnzJ8U+Qllquchmv8kO2lTpHGKa1VeQby 7BqiYUxB7JblH7FYtuHcpMCtAr9emJOlRKKUh27fXGPj3cYr42PQ1Epfz2Rys5nw nuwZ61uIvXUIkBTgBDi9UcjvMFepVatpUMQsZJxKFTSsQTXIzoD8PqK93Wcbno4b 6h2oZT/eZSuZH5YdBoBdDHOrQjP0e9iZtsayb/V7xUeAmOlCzbP9KWuZsA+VGSRs YGZ9KOcg+FR6nfwP83DHGTmX9GT2tgV50ahWgJXypLvUnaAuFKGoVA== =LWDn -----END PGP SIGNATURE----- Accepted: smarty_2.6.14-1etch1.diff.gz to pool/main/s/smarty/smarty_2.6.14-1etch1.diff.gz smarty_2.6.14-1etch1.dsc to pool/main/s/smarty/smarty_2.6.14-1etch1.dsc smarty_2.6.14-1etch1_all.deb to pool/main/s/smarty/smarty_2.6.14-1etch1_all.deb