mahara-contributors team mailing list archive

Thread
Date

[Bug 491129] Re: Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: François Marier <francois@xxxxxxxxxx>
Date: Tue, 06 Apr 2010 04:34:06 -0000
Reply-to: Bug 491129 <491129@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Changed in: mahara/1.0
       Status: Fix Committed => Fix Released

** Changed in: mahara/1.1
       Status: Fix Committed => Fix Released

** Changed in: mahara
       Status: Fix Committed => Fix Released

** Visibility changed to: Public

-- 
Smarty version in Mahara 1.0 and 1.1 has security vulnerabilities
https://bugs.launchpad.net/bugs/491129
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Fix Released
Status in Mahara 1.0 series: Fix Released
Status in Mahara 1.1 series: Fix Released

Bug description:
The version of smarty bundled with Mahara has three open vulnerabilities:

  CVE-2008-4810
  CVE-2008-4811
  CVE-2009-1669

The Debian/Ubuntu packages are not vulnerable since they use the packaged version of smarty.