CVE-2008-1066
Published: 28 February 2008
The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.
Priority
Status
Package | Release | Status |
---|---|---|
gallery2 Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life, was needed)
|
feisty |
Ignored
(end of life, was needed)
|
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Ignored
(end of life, was needed)
|
|
upstream |
Released
(2.2.5-1)
|
|
Patches: other: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492 |
||
smarty Launchpad, Ubuntu, Debian |
dapper |
Released
(2.6.11-1ubuntu0.1)
|
edgy |
Released
(2.6.14-1ubuntu0.6.10.1)
|
|
feisty |
Released
(2.6.14-1ubuntu0.7.04.1)
|
|
gutsy |
Released
(2.6.18-1ubuntu2.1)
|
|
upstream |
Released
(2.6.19)
|
|
Patches: other: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492 debdiff: https://bugs.launchpad.net/ubuntu/+source/smarty/+bug/202422 |