| Summary: | CVE-2010-4723 php-Smarty: Before 3.0.0, when security is enabled does not prevent access to the dynamic and private object members of an assigned object | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | christof, gwync |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2011-10-25 11:02:46 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Attachments: | | | |

Description
Jan Lieskovsky
2011-10-25 10:58:21 UTC
Relevant Smarty Changelog entry:

04/11/2010
- bugfix do not allow access of dynamic and private object members of assigned objects when security is enabled.

and particular SVN log record to it:

r3719 | uwe.tews | 2010-11-04 16:53:28 +0100 (Thu, 04 Nov 2010) | 2 lines

- bugfix do not allow access of dynamic and private object members of assigned objects when security is enabled.

Created attachment 530056
Smarty r3719 SVN repository upstream patch

This issue did NOT affect the versions of the php-Smarty package, as shipped with Fedora release of 14 and 15 (the relevant code in question does NOT exist in those versions yet).

--

This issue did NOT affect the versions of the php-Smarty package, as shipped with Fedora EPEL 5 and Fedora EPEL 6 repositories (the relevant code in question does NOT exist in those versions yet).