[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#702710: smarty: Possible XSS bug in Smarty error messages.


>> https://code.google.com/p/smarty-php/source/detail?r=4660
>  Good catch, thanks for your report :) 
> And I've made a debdiff as attached.
>> security team
> I think it would be released as stable-proposed-updates since it has
> no CVEs, so I guess we probably say no DSAs for it.

Just FYI the CVE identifier of CVE-2012-4437 has been previously
assigned to this issue:

> And I don't know QA upload can be done as such way, so please let me
> know appropriate manner for upload if you know it.

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

> -- 
> Regards,
> Hideki Yamane     henrich @ debian.or.jp/org
> http://wiki.debian.org/HidekiYamane

Reply to: