[SECURITY] Fedora 10 Update: php-Smarty-2.6.20-2.fc10
updates at fedoraproject.org
updates at fedoraproject.org
Wed Nov 26 06:25:03 UTC 2008
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2008-10409
2008-11-26 04:13:48
--------------------------------------------------------------------------------
Name : php-Smarty
Product : Fedora 10
Version : 2.6.20
Release : 2.fc10
URL : http://smarty.php.net
Summary : Template/Presentation Framework for PHP
Description :
Although Smarty is known as a "Template Engine", it would be more accurately
described as a "Template/Presentation Framework." That is, it provides the
programmer and template designer with a wealth of tools to automate tasks
commonly dealt with at the presentation layer of an application. I stress the
word Framework because Smarty is not a simple tag-replacing template engine.
Although it can be used for such a simple purpose, its focus is on quick and
painless development and deployment of your application, while maintaining
high-performance, scalability, security and future growth.
--------------------------------------------------------------------------------
Update Information:
CVE-2008-4811
--------------------------------------------------------------------------------
ChangeLog:
* Sun Nov 2 2008 Christopher Stone <chris.stone at gmail.com> 2.6.20-2
- Add security patch (bz #469648)
- Add RHL dist tag conditional for Requires
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #469648 - CVE-2008-4811 php-Smarty: PHP code execution via templates with \ escaped $ sign
https://bugzilla.redhat.com/show_bug.cgi?id=469648
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-Smarty' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
http://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list