Back to smarty3 PTS page

Accepted smarty3 3.1.39-2+deb11u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 29 May 2022 14:20:14 CEST
Source: smarty3
Architecture: source
Version: 3.1.39-2+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Mike Gabriel <sunweaver@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 1a88cbf75e438d8b749895211b5b8f2e5d7b2fbf 2134 smarty3_3.1.39-2+deb11u1.dsc
 29e48338fca86c78d910fbe3bb8d31145597d610 264604 smarty3_3.1.39.orig.tar.gz
 dbc6d2c9c34dde809f90cdbb35cbabced3e1be1c 9032 smarty3_3.1.39-2+deb11u1.debian.tar.xz
 aaa3450771caa78f79479330a87f404ebb491e97 6802 smarty3_3.1.39-2+deb11u1_amd64.buildinfo
Checksums-Sha256:
 7a3791a709f79b840375f7f3ab384f56a5db94f9e2b60d1db2008526aac12423 2134 smarty3_3.1.39-2+deb11u1.dsc
 d89ed84ed9bdf2697df9fb867acb03514ddafc8322e1b31860168adec91e70c2 264604 smarty3_3.1.39.orig.tar.gz
 3af7564d1dc9fc93df05926173ba30e9718c5f7786c42091e5001948e36ccfce 9032 smarty3_3.1.39-2+deb11u1.debian.tar.xz
 4ae5ca05fb7998736bc9987eeff7679ad67ac22694fdf19f1fa68f2e7e8dcb08 6802 smarty3_3.1.39-2+deb11u1_amd64.buildinfo
Changes:
 smarty3 (3.1.39-2+deb11u1) bullseye-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix the following CVE:
     - CVE-2021-21408: template authors could run restricted static php methods
     - CVE-2021-29454: template authors could run arbitrary PHP code by crafting
                       a malicious math string
     - CVE-2022-29221: template authors could inject php code by choosing a
                       malicious {block} name or {include} file name
Files:
 77f301398ebb74e7fbfe29ff5898db35 2134 web optional smarty3_3.1.39-2+deb11u1.dsc
 b2c0e57209c893ceebc2997025d50bb5 264604 web optional smarty3_3.1.39.orig.tar.gz
 63599047a276d4ab3f01cd8fda7c6986 9032 web optional smarty3_3.1.39-2+deb11u1.debian.tar.xz
 40d945967fe1bf0ab35742fcd2a701c3 6802 web optional smarty3_3.1.39-2+deb11u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKTZQtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk504QAJZqk+tCy/wkBJ0byxN2OWiJ7pJJA6BqQib8
FBbZR8Dtdylw1vP3o+QkBfx9bh2RNIL0CYYAx18uxHK8tJDfvvyforJtBfgriXhX
G5+pAFGfgmszAlSD6fY7OdokyC21B07dCmbPVFI57sxavDzEUFqoZ7Sdo6DP8z2K
c3rtpi2ctyEap47KwBP9gntpmU/VjHSSXBM1J71qlPa15rtvXPfqKzZADoGc1V+O
8JKGaqsprbwBADhl+tw74a2iQHX+1M+CU0opbPreA03jbB+Dd8zxu034kq94/IvJ
+k0+M4HmxAyXnyxStRAHldZhfMVXeFHL8j1Je958nWGaW5LxlucI7FOthOo3DNop
rmKjKk5FzYR5C6YyZZoaUCSUGAKDMq5uioNugqRjJ1ofUO6y+ubSR0XDlmfVNUeu
L3BdC+cuc0gN8vyg3w4E17V+q2QLDJmp9AF+T/k4entpCX5MgmhKLfzRMhgsWKN/
/qVbZT1/djAGwlRK9SuNYT5j8pCZ5hCENlNVHDMljkghssuyBunHUgwB0BOM9y2H
CyCJvDShsZiIRJMw3ukJPpAXZUVvtPwMrGhkd6CcaEXvXpZeVMvWE9H5CuMXC7Nf
ipiRPc4L2B0u3L6qPErpg0jifK4FqMmSSjuRI3z+6v5zLAEl8/lp2rj+UpUyb/Ra
qR7O1v5d
=2XlT
-----END PGP SIGNATURE-----