Publishing details

• Published on 2022-09-10

Changelog

smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1) buster-security; urgency=high

  * Non-maintainer upload.
  * Fix the following CVE:
    - CVE-2021-21408: template authors could run restricted static php methods
    - CVE-2021-29454: template authors could run arbitrary PHP code by crafting
                      a malicious math string
    - CVE-2022-29221: template authors could inject php code by choosing a
                      malicious {block} name or {include} file name
    - CVE-2021-26119: Sandbox Escape because $smarty.template_object can be
                      accessed in sandbox mode
    - CVE-2021-26120: code injection via an unexpected function name

 -- Markus Koschany <email address hidden>  Sun, 29 May 2022 13:13:32 +0200

Builds

Package files

• smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.debian.tar.xz (9.4 KiB)
• smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.dsc (2.3 KiB)
• smarty3_3.1.33+20180830.1.3a78a21f+selfpack1.orig.tar.xz (192.6 KiB)