-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 16 Mar 2008 12:05:07 +0100 Source: smarty Binary: smarty Architecture: source all Version: 2.6.9-1sarge1 Distribution: oldstable-security Urgency: high Maintainer: Dimitri Fontaine <dfontaine@cvf.fr> Changed-By: Thijs Kinkhorst <thijs@debian.org> Description: smarty - Template engine for PHP Closes: 469492 Changes: smarty (2.6.9-1sarge1) oldstable-security; urgency=high . * Non-maintainer upload by the security team. * A \0 character in a search string could be abused to call arbitrary PHP functions via templates. CVE-2008-1066, closes: #469492 Files: 3c1955d0151a53532dab661fb9a9b7b3 870 web optional smarty_2.6.9-1sarge1.dsc 4ee0048de6a9b35f1b11b458493327f2 141694 web optional smarty_2.6.9.orig.tar.gz b1835fb9b611eb5ef3f26f23c21fbdbb 3502 web optional smarty_2.6.9-1sarge1.diff.gz 39408bb8ec42a25956990f2e81bd2d7e 177048 web optional smarty_2.6.9-1sarge1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iQEVAwUBR9z/o2z0hbPcukPfAQK8uQf/cBjknFAnsHD1mlHhfslvUDjYAuZOeipW Y+cgaVzKItxnQRHpnv9ZPTgW7HruMnoKHSPTh6Ks6q+sVXrPGIu0s10mD8YeqjkL I6wMgD5/JGQHfcZ7rm2COlJQl+1jWDt4Am9m/+Aip0++v02c07CIpkyNvIU5V7E5 70150+FUyljMkfuJOa6MgnOmk+Yd9UGencNDKXlWy+3LfSJ2dPUK1ZN6uwgnrNRp bwb9TM3RB3zTiS5WWJqqE1/J7oHAGV/sT1sa1bWYJFa1drx0s5H0TffWSy6Ixr+W 7ZB2P89tKpVVaXA6aFHUqOBdxRZPMBLQmqcxlcfvDUrhB6zSiBnwEg== =IxNY -----END PGP SIGNATURE----- Accepted: smarty_2.6.9-1sarge1.diff.gz to pool/main/s/smarty/smarty_2.6.9-1sarge1.diff.gz smarty_2.6.9-1sarge1.dsc to pool/main/s/smarty/smarty_2.6.9-1sarge1.dsc smarty_2.6.9-1sarge1_all.deb to pool/main/s/smarty/smarty_2.6.9-1sarge1_all.deb