1. Forum
  2. Usenet
  3. LINUX.DEBIAN.CHANGES

  • Accepted smarty3 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1 (source

    From Debian FTP Masters@21:1/5 to All on Sun May 29 20:40:01 2022
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    Format: 1.8
    Date: Sun, 29 May 2022 14:14:35 CEST
    Source: smarty3
    Architecture: source
    Version: 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1
    Distribution: buster-security
    Urgency: high
    Maintainer: Mike Gabriel <sunweaver@debian.org>
    Changed-By: Markus Koschany <apo@debian.org>
    Checksums-Sha1:
    c60d637388fa2aa0899c6a2b65f132d85f2a2d56 2341 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.dsc
    c4c8ebab667a96f6903eed401eecde17bb79ceac 197196 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1.orig.tar.xz
    bd2afe99ed7c82e43a524b735e140be97616e415 9596 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.debian.tar.xz
    6aa19266d5ebd3836158a7275d2ca0f3e6e3cb6f 6634 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1_amd64.buildinfo
    Checksums-Sha256:
    1a8b25ebcfa959d076a9929dd9f033df33d868899c13073cf684a28f866fad06 2341 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.dsc
    ae3076bdcac90e7306f1a6c9edc121e46d68465a096e6df3e3d50c8913f337c9 197196 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1.orig.tar.xz
    a39559b6c778be19fd5037bc4ff7e44bcca2df4aa5b6cd9c9d34931654ae5e7a 9596 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.debian.tar.xz
    b0d3f7d10656a6fda028a325737ef53c21d8747c4581fcc6c1da6bc08da1ef89 6634 smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1_amd64.buildinfo
    Changes:
    smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1) buster-security; urgency=high
    .
    * Non-maintainer upload.
    * Fix the following CVE:
    - CVE-2021-21408: template authors could run restricted static php methods
    - CVE-2021-29454: template authors could run arbitrary PHP code by crafting
    a malicious math string
    - CVE-2022-29221: template authors could inject php code by choosing a
    malicious {block} name or {include} file name
    - CVE-2021-26119: Sandbox Escape because $smarty.template_object can be
    accessed in sandbox mode
    - CVE-2021-26120: code injection via an unexpected function name
    Files:
    2115f3058f1fd741aa3785e6e55f11fc 2341 web optional smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.dsc
    c8652d27cae90a80cf8d495ccf4a2ffd 197196 web optional smarty3_3.1.33+20180830.1.3a78a21f+selfpack1.orig.tar.xz
    1a68bbabb5fd6d8b4bd68590a622c86f 9596 web optional smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1.debian.tar.xz
    07814115ec72ddb84593a2a12b41ebed 6634 web optional smarty3_3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1_amd64.buildinfo

    -----BEGIN PGP SIGNATURE-----

    iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKTZIpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1HkXuYQAMf5T3cb06KgQPYvZiTwDndfc9FRc3gYhRMw Cd6vaeOO1oKow+gKFk/JC7LVcN0QKYsUyxEG3zchuPJAMn8McmgdFQBKgQD3P2y9 dCyZULFWMdUBtpfaqXWN9pDplbYQ1kQ9Nf8uX96tTB36F0A4gKrimVdm/D6ze/HK CLctTgUL3yFpRjlDX33zuC9bfVdjFHALx72wVEI8bx/oYF9uqlgwnV/EP2ZHNGnd YRvWH169bp2D6nA2/AtyYnSQOEoqGELWjp7WF1QT5hDc4nIDAzLOWM3ZSTVuM7OY WjJ6Th028Wrd/Mk22lHxm7QfEJKmJ2wUamkV/pvrkVgOr40NYztZPj+Sebat0RRf DJv1Kr0tESfxVchS+LIK7grqODkLfHLQ6XbSbme8NB2WQM1smONc3gCH/JgTfvxh tM9k8YtgFzsBgrdqB1gY+moWSmGVoLoxY8+5VtQcNgB4pZfm0rsxF6M3Y3PECBry 37wu4b2LiKEbGpD1X1JoUUMNF9p6YEAflnHo4luTgjeqP7xH0tm+sXJmtBoY/yZw vdM9Wrxv4xiRpY/Azlc9v1cd6IU9Qo6EMifQpMsjMAiswL3KjMPimmL/pZypVmxS xOQKMGZRnOmjotdSKLJGEeLkb38jXcl5uJq8RJM1wn40+ebViuNxMKJ+oEEqA7pF
    WIvFVFEI
    =6MUU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)