Bug#702710: smarty: Possible XSS bug in Smarty error messages.

To: Jan Lieskovsky <jlieskov@redhat.com>, team@security.debian.org
Cc: 702710@bugs.debian.org
Subject: Bug#702710: smarty: Possible XSS bug in Smarty error messages.
From: Hideki Yamane <henrich@debian.or.jp>
Date: Fri, 15 Mar 2013 07:50:44 +0900
Message-id: <[🔎] 20130315075044.8404d72f3b515bdc694e4177@debian.or.jp>
Reply-to: Hideki Yamane <henrich@debian.or.jp>, 702710@bugs.debian.org
In-reply-to: <[🔎] 1877563764.5006396.1363007791403.JavaMail.root@redhat.com>
References: <[🔎] 1877563764.5006396.1363007791403.JavaMail.root@redhat.com>

Hi Jan,

On Mon, 11 Mar 2013 09:16:31 -0400 (EDT)
Jan Lieskovsky <jlieskov@redhat.com> wrote:
> Just FYI the CVE identifier of CVE-2012-4437 has been previously
> assigned to this issue:
>   http://www.openwall.com/lists/oss-security/2012/09/20/3
>   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4437

 Thank you for your valuable information, Jan.
 Now I've prepared updated package as attached debdiff.


-- 
Regards,

 Hideki Yamane     henrich @ debian.or.jp/org
 http://wiki.debian.org/HidekiYamane

Attachment: CVE-2012-4437_smarty.debdiff
Description: Binary data

Reply to:

References:
- Bug#702710: smarty: Possible XSS bug in Smarty error messages.
  - From: Jan Lieskovsky <jlieskov@redhat.com>

Prev by Date: hfsutils_3.2.6-12_amd64.changes ACCEPTED into unstable
Next by Date: Processed: Re: lastmp: switch from python-libmpdclient to python-mpd
Previous by thread: Bug#702710: smarty: Possible XSS bug in Smarty error messages.
Next by thread: Re: First motif commits
Index(es):
- Date
- Thread