Comment 1 for bug 491129

Evan Goldenberg (naveg) wrote:

CVE-2008-4810 and CVE-2008-4811 appear to be the same issue, involving unescaped dollar signs. This was fixed in smarty r2797 (http://code.google.com/p/smarty-php/source/detail?r=2797).

CVE-2009-1669, which involves unneeded backticks in math equations, was fixed in smarty r3139 (http://code.google.com/p/smarty-php/source/detail?r=3139).

Both are trivial fixes, so I'll manually apply them to the version of smarty found in Mahara 1.0 and 1.1.