CVE-2008-1066

Publication date 28 February 2008

Last updated 24 July 2024

Ubuntu priority

The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used by Serendipity (S9Y) and other products, allows attackers to call arbitrary PHP functions via templates, related to a '\0' character in a search string.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
gallery2	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored
	7.04 feisty	Ignored
	6.06 LTS dapper	Ignored
smarty	7.10 gutsy	Fixed 2.6.18-1ubuntu2.1
	7.04 feisty	Fixed 2.6.14-1ubuntu0.7.04.1
	6.10 edgy	Fixed 2.6.14-1ubuntu0.6.10.1
	6.06 LTS dapper	Fixed 2.6.11-1ubuntu0.1

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
gallery2	Other: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492
smarty	Other: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469492 Debdiff: https://bugs.launchpad.net/ubuntu/+source/smarty/+bug/202422

References

Other references

https://www.cve.org/CVERecord?id=CVE-2008-1066