Gentoo Archives: gentoo-commits

From: "Tobias Scherbaum (dertobi123)" <dertobi123@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-php/smarty/files: smarty-2.6.20-CVE-2008-4810.patch
Date: Fri, 28 Nov 2008 15:55:16
Message-Id: E1L65gZ-0007jI-1U@stork.gentoo.org
1 dertobi123 08/11/28 15:55:15
2
3 Added: smarty-2.6.20-CVE-2008-4810.patch
4 Log:
5 Revision bump for security bug #243856
6 (Portage version: 2.2_rc16/cvs/Linux 2.6.25-gentoo-r7 x86_64)
7
8 Revision Changes Path
9 1.1 dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch
10
11 file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch?rev=1.1&view=markup
12 plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/dev-php/smarty/files/smarty-2.6.20-CVE-2008-4810.patch?rev=1.1&content-type=text/plain
13
14 Index: smarty-2.6.20-CVE-2008-4810.patch
15 ===================================================================
16 ------------------------------------------------------------------------
17 r2784 | Uwe.Tews | 2008-09-18 23:03:32 +0200 (Thu, 18 Sep 2008) | 1 line
18
19 - fix function injection security hole closed (U.Tews)
20 ------------------------------------------------------------------------
21 r2796 | monte.ohrt | 2008-09-22 17:29:16 +0200 (Mon, 22 Sep 2008) | 3 lines
22
23 revert patch for security hole, update site url
24
25
26 ------------------------------------------------------------------------
27 r2797 | monte.ohrt | 2008-09-22 21:26:32 +0200 (Mon, 22 Sep 2008) | 3 lines
28
29 patch for security, php executed in templates
30
31
32 ------------------------------------------------------------------------
33 Index: Smarty_Compiler.class.php
34 ===================================================================
35 --- Smarty-2.6.20.orig/libs/Smarty_Compiler.class.php (revision 2781)
36 +++ Smarty-2.6.20/libs/Smarty_Compiler.class.php (revision 2797)
37 @@ -1705,6 +1705,8 @@
38 }
39 // replace double quoted literal string with single quotes
40 $_return = preg_replace('~^"([\s\w]+)"$~',"'\\1'",$_return);
41 + // escape dollar sign if not printing a var
42 + $_return = preg_replace('~\$(\W)~',"\\\\\$\\1",$_return);
43 return $_return;
44 }
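
Review bot: The added preg_replace on '~\$(\W)~' does not look at what precedes the dollar sign, so a `$` that already has a backslash in front of it in $_return gets a second one: `\$` followed by a non-word character becomes `\\$`, which in a double-quoted PHP string reads as an escaped backslash followed by an unescaped `$`. Suggest matching any run of backslashes before the `$` and normalising it to an odd count, or stripping/escaping backslashes first, and extending the comment to say which quoting context $_return is expected to be in at this point, since the line above only converts double-quoted strings made up of whitespace and word characters to single quotes. The pattern also requires one character after the `$`, so a `$` at the very end of the string is left as-is; worth a line in the comment stating that this is intended. A regression test with inputs covering `$` before a non-word character, `\$`, and a trailing `$` would make the behaviour explicit, given that the svn log shows the first fix (r2784) was reverted in r2796 and replaced by this one.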