CVE-2009-1669

Name	CVE-2009-1669
Description	The smarty_function_math function in libs/plugins/function.math.php in Smarty 2.6.22 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the equation attribute of the math function. NOTE: some of these details are obtained from third party information.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1919-1
Debian Bugs	529810

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
smarty	source	etch	2.6.14-1etch2		DSA-1919-1
smarty	source	lenny	2.6.20-1.2		DSA-1919-1
smarty	source	(unstable)	2.6.26-0.1	low		529810

Notes

[etch] - smarty <not-affected> (Vulnerable code not present)
[lenny] - smarty <no-dsa> (Minor issue)