Request #13351 :: Bundled smarty needs security update

Package home | Report new bug | New search | Development Roadmap

Status: Open | Feedback | All | Closed Since Version 1.5.0a1

Request #13351	Bundled smarty needs security update
Submitted:	2008-03-09 02:40 UTC
From:	hanno	Assigned:	ashnazg
Status:	Wont fix	Package:	PhpDocumentor (version 1.4.1)
PHP Version:	5.2.5	OS:
Roadmaps:	(Not assigned)
Subscription	Your email:

Comments Add Comment Add patch

Anyone can comment on a bug. Have a simpler test case? Does it work for you on a different platform? Let us know! Just going to say 'Me too!'? Don't clutter the database with that please !

Your email address: MUST BE VALID
Solve the problem : 1 + 31 = ?

[2008-03-09 02:40 UTC] hanno (Hanno Boeck)

Description:
------------
I'm not sure if PhpDocumentor is affected, but lately smarty had security issues which were fixed in 2.6.19 (CVE-2008-1066).

The bundled smarty code should be updated.

Comments

[2011-08-28 16:54 UTC] doconnor (Daniel O'Connor)

There was a release, ~2009 - is the request still valid

[2012-09-01 02:24 UTC] ashnazg (Chuck Burgess)

-Status:           Open
+Status:           Wont fix
-Assigned To:
+Assigned To:      ashnazg
-Roadmap Versions: 1.5.0a1
+Roadmap Versions:
No more feature work on phpDocumentor 1.x. Check out the new phpDocumentor 2.x (http://www.phpdoc.org/).

[2012-09-01 16:27 UTC] hanno (Hanno Boeck)

Yes, PhpDocumentor 1.4.4 still ships Smarty 2.6.0, so it is probably still vulnerable.
In the meantime, a bunch of further smarty vulns were found, e.g. CVE-2012-4277.