Bug#702710: smarty: Possible XSS bug in Smarty error messages.
Hello,
>> https://code.google.com/p/smarty-php/source/detail?r=4660
>
> Good catch, thanks for your report :)
> And I've made a debdiff as attached.
>
>> security team
> I think it would be released as stable-proposed-updates since it has
> no CVEs, so I guess we probably say no DSAs for it.
Just FYI the CVE identifier of CVE-2012-4437 has been previously
assigned to this issue:
http://www.openwall.com/lists/oss-security/2012/09/20/3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437
>
> And I don't know QA upload can be done as such way, so please let me
> know appropriate manner for upload if you know it.
Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
>
>
> --
> Regards,
>
> Hideki Yamane henrich @ debian.or.jp/org
> http://wiki.debian.org/HidekiYamane
Reply to: