Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities

Bug #491129 reported by François Marier on 2009-12-01
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
Undecided
Evan Goldenberg
1.0
Undecided
Evan Goldenberg
1.1
Undecided
Evan Goldenberg

Bug Description

The version of smarty bundled with Mahara has three open vulnerabilities:

  CVE-2008-4810
  CVE-2008-4811
  CVE-2009-1669

The Debian/Ubuntu packages are not vulnerable since they use the packaged version of smarty.

CVE References

Changed in mahara:
milestone: none → 1.1.8
milestone: 1.1.8 → 1.0.14
milestone: 1.0.14 → none
Changed in mahara:
assignee: nobody → Evan Goldenberg (naveg)
Evan Goldenberg (naveg) wrote :

CVE-2008-4810 and CVE-2008-4811 appear to be the same issue, involving unescaped dollar signs. This was fixed in smarty r2797 (http://code.google.com/p/smarty-php/source/detail?r=2797)

CVE-2009-1669, which involves unneeded backticks in math equations, was fixed in smarty r3139 (http://code.google.com/p/smarty-php/source/detail?r=3139).

Both are trivial fixes, so I'll manually apply them to the version of smarty found in Mahara 1.0 and 1.1

Evan Goldenberg (naveg) wrote :

Fixed on the security repo, branches 1.1_STABLE and 1.0_STABLE

Changed in mahara:
status: New → Fix Committed
Changed in mahara:
status: Fix Committed → Fix Released
visibility: private → public
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers