Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities
Bug #491129 reported by François Marier
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Mahara | Fix Released | Undecided | Evan Goldenberg |
1.0 | Fix Released | Undecided | Evan Goldenberg |
1.1 | Fix Released | Undecided | Evan Goldenberg |
Bug Description
The version of smarty bundled with Mahara has three open vulnerabilities:
CVE-2008-4810
CVE-2008-4811
CVE-2009-1669
The Debian/Ubuntu packages are not vulnerable since they use the packaged version of smarty.
Changed in mahara:
milestone: none → 1.1.8
milestone: 1.1.8 → 1.0.14
milestone: 1.0.14 → none
Changed in mahara:
assignee: nobody → Evan Goldenberg (naveg)
Changed in mahara:
status: Fix Committed → Fix Released
visibility: private → public
CVE-2008-4810 and CVE-2008-4811 appear to be the same issue, involving unescaped dollar signs. This was fixed in smarty r2797 (http://code.google.com/p/smarty-php/source/detail?r=2797).
CVE-2009-1669, which involves unneeded backticks in math equations, was fixed in smarty r3139 (http://code.google.com/p/smarty-php/source/detail?r=3139).
Both are trivial fixes, so I'll manually apply them to the version of smarty found in Mahara 1.0 and 1.1.
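The two issue shapes named in the comment above, modelled as an added Python example. This is not Smarty's PHP code and does not reproduce the r2797 or r3139 patches; it assumes only what the comment states: quoted template text is copied into a double-quoted PHP literal, where an unescaped `$` is live interpolation, and a math expression is passed to an eval-style evaluator, where a backtick string would run a shell command. The function names, the allowlisted math functions and the sample inputs are all constructed for the illustration. It shows a weak and a hardened form of the quoted-text step, a check that flags a compiled literal still carrying a live `$`, and an allowlist validator that rejects backticks, `$`, and any identifier the template did not declare.

```python
import re

# Constructed model of a template compiler's quoted-text step (not Smarty's
# PHP code).  Quoted text from a template is emitted as a double-quoted PHP
# string literal; in PHP, "$name" and "{$expr}" inside such a literal are
# interpolated at run time, so an unescaped "$" in template-controlled text
# becomes code when the compiled template executes.

def expand_quoted_text_unsafe(text: str) -> str:
    """Weak form: escapes only the quote, so '$' survives into the literal."""
    return '"' + text.replace('"', '\\"') + '"'


def expand_quoted_text_safe(text: str) -> str:
    """Hardened form: escape backslash, quote and dollar so the literal is inert data."""
    escaped = (text.replace('\\', '\\\\')
                   .replace('"', '\\"')
                   .replace('$', '\\$'))
    return '"' + escaped + '"'


# Detection check on compiler output: an unescaped "$" in a double-quoted
# PHP literal is still live interpolation.
_LIVE_DOLLAR = re.compile(r'(?<!\\)\$')

def has_live_interpolation(php_literal: str) -> bool:
    """True if the compiled literal still contains a '$' not preceded by a backslash."""
    return _LIVE_DOLLAR.search(php_literal) is not None


# Allowlist tokenizer for math expressions: numbers, identifiers, arithmetic
# operators, parentheses, commas and whitespace.  Anything else (a backtick,
# '$', ';', quotes) is not a token, so the expression is rejected before it
# can reach an evaluator.  The function allowlist is an assumption for the demo.
_MATH_TOKEN = re.compile(r'\d+(?:\.\d+)?|[A-Za-z_][A-Za-z0-9_]*|[-+*/%(),]|\s+')
_DEFAULT_FUNCS = frozenset({'abs', 'ceil', 'floor', 'round', 'max', 'min'})

def validate_math_expression(expr: str, allowed_vars, allowed_funcs=_DEFAULT_FUNCS) -> bool:
    """Return True only if expr consists solely of allowed tokens and known names."""
    if not expr.strip():
        return False
    pos = 0
    while pos < len(expr):
        match = _MATH_TOKEN.match(expr, pos)
        if match is None:
            return False          # character outside the allowlist
        token = match.group(0)
        if token[0].isalpha() or token[0] == '_':
            if token not in allowed_vars and token not in allowed_funcs:
                return False      # identifier the template never declared
        pos = match.end()
    return True


if __name__ == '__main__':
    # Constructed sample inputs for the demonstration.
    for text in ('Hello $name', '{$smarty.now}', 'plain text'):
        print(f'{text!r:20} unsafe live={has_live_interpolation(expand_quoted_text_unsafe(text))} '
              f'safe live={has_live_interpolation(expand_quoted_text_safe(text))}')
    for expr in ('x * 2 + round(y)', 'x + `cmd`', 'x + $y', 'unknown_fn(x)'):
        print(f'{expr!r:20} accepted={validate_math_expression(expr, {"x", "y"})}')
```

The validator takes the allowlist approach rather than stripping backticks: a tokenizer that only knows the characters an arithmetic expression can contain rejects every other metacharacter at once, instead of chasing each one as it is reported.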