CVE-2009-1669 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1669): The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
Smarty-2.6.24 has been released in the meantime and is now added to CVS. Candidate for stabilization: =dev-php/smarty-2.6.24
Arches, please test and mark stable: =dev-php/smarty-2.6.24. Target keywords: "alpha amd64 hppa ppc ppc64 sparc x86"
Stable for HPPA.
x86 stable
amd64 stable
Stable on alpha.
ppc64 done
ppc done
alpha/sparc stable
GLSA together with bug 212147, bug 213320, and bug 243856.
GLSA 201006-13