[ubuntu/impish-security] smarty3 3.1.39-2ubuntu0.21.10.1 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Mon Mar 28 10:14:19 UTC 2022
smarty3 (3.1.39-2ubuntu0.21.10.1) impish-security; urgency=medium
* SECURITY UPDATE: execution of restricted php methods
- debian/patches/CVE-2021-21408.patch: Prevent evasion of the
static_classes security policy in
lexer/smarty_internal_templateparser.y and
libs/sysplugins/smarty_internal_templateparser.php.
- CVE-2021-21408
* SECURITY UPDATE: code injection through math function
- debian/patches/CVE-2021-29454.patch: verify if the input to
the math function is a mathematical expression in
libs/plugins/function.math.php.
- CVE-2021-29454
Date: 2022-03-28 07:05:10.022309+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu0.21.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list