[ubuntu/bionic-updates] smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Mar 28 10:58:27 UTC 2022
smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1) bionic-security; urgency=medium
  * SECURITY UPDATE: path traversal in Smarty templates
    - debian/patches/CVE-2018-13982-1.patch: perform validation over
      directory provided in libs/Smarty.class.php and
      libs/sysplugins/smarty_security.php
    - debian/patches/CVE-2018-13982-2.patch: reformat code of
      previous patch and add additional checks.
    - debian/patches/CVE-2018-13982-3.patch: alter regex validation
      of previous patches and update logic flow.
    - CVE-2018-13982
    - CVE-2018-16831
  * SECURITY UPDATE: execution of restricted php methods
    - debian/patches/CVE-2021-21408.patch: Prevent evasion of the
      static_classes security policy in
      lexer/smarty_internal_templateparser.y and
      libs/sysplugins/smarty_internal_templateparser.php.
    - CVE-2021-21408
  * SECURITY UPDATE: sandbox escape by accessing public object
    - debian/patches/CVE-2021-26119.patch: Prevent access to
      $smarty.template_object in sandbox mode in
      libs/sysplugins/
      smarty_internal_compile_private_special_variable.php.
    - CVE-2021-26119
  * SECURITY UPDATE: code injection through function name
    - debian/patches/CVE-2021-26120.patch: perform validation over
      the function name supplied in
      libs/sysplugins/smarty_internal_compile_function.php.
    - CVE-2021-26120
  * SECURITY UPDATE: code injection through math function
    - debian/patches/CVE-2021-29454.patch: verify if the input to
      the math function is a mathematical expression in
      libs/plugins/function.math.php.
    - CVE-2021-29454
Date: 2022-03-25 08:51:09.735507+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/smarty3/3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1