CVE-2008-4810 and CVE-2008-4811 appear to be the same issue, involving unescaped dollar signs. This was fixed in smarty r2797 (http://code.google.com/p/smarty-php/source/detail?r=2797)
CVE-2009-1669, which involves unneeded backticks in math equations, was fixed in smarty r3139 (http://code.google.com/p/smarty-php/source/detail?r=3139).
Both are trivial fixes, so I'll manually apply them to the version of smarty found in Mahara 1.0 and 1.1
CVE-2008-4810 and CVE-2008-4811 appear to be the same issue, involving unescaped dollar signs. This was fixed in smarty r2797 (http:// code.google. com/p/smarty- php/source/ detail? r=2797)
CVE-2009-1669, which involves unneeded backticks in math equations, was fixed in smarty r3139 (http:// code.google. com/p/smarty- php/source/ detail? r=3139).
Both are trivial fixes, so I'll manually apply them to the version of smarty found in Mahara 1.0 and 1.1