It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string. For the old stable distribution (sarge), this problem has been fixed in version 2.6.9-1sarge1. For the stable distribution (etch), this problem has been fixed in version 2.6.14-1etch1. For the unstable distribution (sid), this problem has been fixed in version 2.6.18-1.1. We recommend that you upgrade your smarty package.
It was discovered that the regex module in Smarty, a PHP templating engine, allows attackers to call arbitrary PHP functions via templates using the regex_replace plugin by a specially crafted search string.
For the old stable distribution (sarge), this problem has been fixed in version 2.6.9-1sarge1.
For the stable distribution (etch), this problem has been fixed in version 2.6.14-1etch4.
For the unstable distribution (sid), this problem has been fixed in version 2.6.18-1.1.
We recommend that you upgrade your smarty package.
MD5 checksums of the listed files are available in the original advisory.