A cross-site scripting (XSS) flaw was found in the way SmartyException class of Smarty (php-Smarty), template / presentation framework for PHP language, performed sanitization of exception messages. A remote attacker could use this flaw to execute arbitrary HTML or webscript in the context of Smarty user session if the victim visited a specially-crafted web page. References: [1] http://secunia.com/advisories/50589/ [2] http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt [3] http://www.openwall.com/lists/oss-security/2012/09/19/1 [4] http://www.openwall.com/lists/oss-security/2012/09/20/3 Upstream patch: [5] http://code.google.com/p/smarty-php/source/detail?r=4658
This issue affects the version of the php-Smarty package, as shipped with Fedora Rawhide. Please schedule an update. -- This issue did NOT affect the versions of the php-Smarty package, as shipped with Fedora release of 16 and 17 (as they did not include support for SmartyException class yet). -- This issue did NOT affect the versions of the php-Smarty package, as shipped with Fedora EPEL 5 and Fedora EPEL 6 (as they did not include support for SmartyException class yet).
Created php-Smarty tracking bugs for this issue Affects: fedora-rawhide [bug 858989]
Affects f18 also, will update.
(In reply to comment #3) > Affects f18 also, will update. Thanks, Jon. Looks this issue has been corrected in both Rawhide and Fedora 18. Closing this bug (feel free to reopen if still needed). Regards, Jan.
This issue affects the (current) version (php-Smarty-2.6.26-1.el5.2) of the php-Smarty package, as shipped with Fedora EPEL-5 => reopening the bug. Relevant patch for php-Smarty v2.6 version (from corresponding Debian bug): http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702710#10
Created attachment 708356 [details] Local copy of Debian's patch for php-Smarty v2 (from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702710#10)
Created php-Smarty tracking bugs for this issue Affects: epel-5 [bug 920149]