Bug#415994: marked as done (smarty: insufficient sanitization of the "filename" parameter of "Smarty.class.php")
Your message dated Thu, 12 Aug 2010 22:32:57 +0200
with message-id <201008122232.58045.thijs@debian.org>
and subject line not a bug
has caused the Debian Bug report #415994,
regarding smarty: insufficient sanitization of the "filename" parameter of "Smarty.class.php"
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)
--
415994: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=415994
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: smarty: insufficient sanitization of the "filename" parameter of "Smarty.class.php"
- From: Elizabeth Bevilacqua <lyz@princessleia.com>
- Date: Fri, 23 Mar 2007 15:31:14 -0400
- Message-id: <20070323193114.GA24344@princessleia.com>
Package: smarty
Version: 2.6.9-1
Severity: important
Tags: security
On October 16, 2006 SecurityFocus.com reported this bug:
"It is prone to a remote file include vulnerability due to
insufficient sanitization of the "filename" parameter of
"Smarty.class.php". Version 2.6.9 is vulnerable."
More informatipon at: http://www.securityfocus.com/bid/20557/info
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.4.27-3-386
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
--
Elizabeth Bevilacqua // Lyz@PrincessLeia.com
http://www.princessleia.com
--- End Message ---
--- Begin Message ---
Hi,
This is indeed a non-issue as described in bug log.
Closing.
Thijs
--- End Message ---
Reply to: