[ubuntu/lunar-proposed] smarty3 3.1.39-2ubuntu2 (Accepted)
George-Andrei Iosif
andrei.iosif at canonical.com
Wed Apr 12 11:45:33 UTC 2023
smarty3 (3.1.39-2ubuntu2) lunar; urgency=medium
* SECURITY UPDATE: PHP code injection by malicious block or filename
- debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
defining a new escaping function in
libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
multiple files: libs/sysplugins/smarty_internal_compile_block.php,
libs/sysplugins/smarty_internal_compile_function.php,
libs/sysplugins/smarty_internal_compile_include.php,
libs/sysplugins/smarty_internal_config_file_compiler.php,
libs/sysplugins/smarty_internal_runtime_codeframe.php, and
libs/sysplugins/smarty_internal_templatecompilerbase.php.
- CVE-2022-29221
Date: Tue, 11 Apr 2023 17:32:48 +0300
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu2
-------------- next part --------------
Format: 1.8
Date: Tue, 11 Apr 2023 17:32:48 +0300
Source: smarty3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.39-2ubuntu2
Distribution: lunar
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
Changes:
smarty3 (3.1.39-2ubuntu2) lunar; urgency=medium
.
* SECURITY UPDATE: PHP code injection by malicious block or filename
- debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
defining a new escaping function in
libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
multiple files: libs/sysplugins/smarty_internal_compile_block.php,
libs/sysplugins/smarty_internal_compile_function.php,
libs/sysplugins/smarty_internal_compile_include.php,
libs/sysplugins/smarty_internal_config_file_compiler.php,
libs/sysplugins/smarty_internal_runtime_codeframe.php, and
libs/sysplugins/smarty_internal_templatecompilerbase.php.
- CVE-2022-29221
Checksums-Sha1:
ae1b629e86f4388124177ef9fc3f5f922781c0f3 2061 smarty3_3.1.39-2ubuntu2.dsc
def6fe87a93c7cbbbfda3f6ab23e8384982a14c8 11032 smarty3_3.1.39-2ubuntu2.debian.tar.xz
6ea5e5bf5813b40bd10ddfee03d9041ae1e4b925 6821 smarty3_3.1.39-2ubuntu2_source.buildinfo
Checksums-Sha256:
0fa37cae5253f21ac50ffaecb39af136987aec2ecd4721986c9089f692065dad 2061 smarty3_3.1.39-2ubuntu2.dsc
e9a309f5735dedcf752c2328db56b3427535d17d90ac0e5f4ccd031686398bff 11032 smarty3_3.1.39-2ubuntu2.debian.tar.xz
4791ff8b26de2ecb1e12084c84ba90d7c56313c6244a3ece9c107162bc5b2b5f 6821 smarty3_3.1.39-2ubuntu2_source.buildinfo
Files:
3cf9bca3593e21315c1ecfc2fbeb38fc 2061 web optional smarty3_3.1.39-2ubuntu2.dsc
bb8426c29dc55557e80fcc2612b93ff1 11032 web optional smarty3_3.1.39-2ubuntu2.debian.tar.xz
f795f9dd1eacc3dab72a9ebc4d0d9fef 6821 web optional smarty3_3.1.39-2ubuntu2_source.buildinfo
Original-Maintainer: Mike Gabriel <sunweaver at debian.org>
More information about the lunar-changes
mailing list