Bug#702710: smarty: Possible XSS bug in Smarty error messages.
Package: smarty
Version: 2.6.26-0.2
Severity: normal
In upstream version Smarty 2.6.27, possible security fix is applied with the following patch.
But this fix does not seem to be applied in Debian stable package 2.6.26-0.2.
--- Smarty.class.php.orig 2009-06-18 23:47:04.000000000 +0900
+++ Smarty.class.php 2013-03-11 00:32:14.000000000 +0900
@@ -1090,7 +1090,8 @@
*/
function trigger_error($error_msg, $error_type = E_USER_WARNING)
{
- trigger_error("Smarty error: $error_msg", $error_type);
+ $msg = htmlentities($error_msg);
+ trigger_error("Smarty error: $msg", $error_type);
}
https://code.google.com/p/smarty-php/source/detail?r=4660
-- System Information:
Debian Release: 6.0.7
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages smarty depends on:
ii php5-cli 5.3.3-7+squeeze15 command-line interpreter for the p
smarty recommends no packages.
smarty suggests no packages.
-- no debconf information
Reply to: