Bug#702710: smarty: Possible XSS bug in Smarty error messages.
> Good catch, thanks for your report :)
> And I've made a debdiff as attached.
>> security team
> I think it would be released as stable-proposed-updates since it has
> no CVEs, so I guess we probably say no DSAs for it.
Just FYI the CVE identifier of CVE-2012-4437 has been previously
assigned to this issue:
> And I don't know QA upload can be done as such way, so please let me
> know appropriate manner for upload if you know it.
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
> Hideki Yamane henrich @ debian.or.jp/org