Common Vulnerabilities and Exposures assigned an identifier CVE-2009-5052 to the following vulnerability:

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5052
[2] http://smarty-php.googlecode.com/svn/trunk/distribution/change_log.txt
From the look at the Smarty changelog [2] the security flaws fixed in v3.0.0 before beta 6 are as follows (relevant SVN log records are listed too):

=============
* 12/28/2009
- update for security fixes

SVN log entry:
r3416 | Uwe.Tews | 2009-12-28 16:27:13 +0100 (Mon, 28 Dec 2009) | 2 lines

- update for security fixes
- make modifier plugins always trusted

=============
* 12/27/2009
- closed a security hole regarding PHP code injection into cache files

SVN log entry:
3407 | Uwe.Tews | 2009-12-27 16:06:49 +0100 (Sun, 27 Dec 2009) | 11 lines

--- this is a major update with a couple of internal changes ---
- new config file lexer/parser (thanks to Thue Jnaus Kristensen)
- template lexer/parser fixes for PHP and {literal} handing (thanks to Thue Jnaus Kristensen)
- fix on registered plugins with different type but same name
- rewrite of plugin handling (optimized execution speed)
- closed a security hole regarding PHP code injection into cache files
- fixed bug in clear cache handling
- Renamed a couple of internal classes
- code cleanup for merging compiled templates
- couple of runtime optimizations (still not all done)
Created attachment 530043
Smarty r3407 upstream patch

Created attachment 530044
Smarty r3416 upstream patch
These issues did NOT affect the versions of the php-Smarty package, as shipped with Fedora release of 14 and 15.

--

These issues did NOT affect the versions of the php-Smarty package, as present within Fedora EPEL 5 and Fedora EPEL 6 repositories.