Oval Definition:oval:org.mitre.oval:def:7776
Revision Date:2014-06-23Version:18
Title:DSA-1520 smarty -- insufficient input sanitising
Description:It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.
Family:unixClass:patch
Status:ACCEPTEDReference(s):CVE-2008-1066
DSA-1520
Platform(s):Debian GNU/Linux 3.1
Debian GNU/Linux 4.0
Product(s):smarty
Definition Synopsis
  • Release section
  • Debian GNU/Linux 4.0 is installed.
  • AND Installed architecture is all
  • AND smarty is earlier than 2.6.14-1etch1
  • OR Release section
  • Debian GNU/Linux 3.1 is installed
  • AND Installed architecture is all
  • AND smarty is earlier than 2.6.9-1sarge1
    • BACK