smarty3 (3.1.39-2ubuntu1) jammy; urgency=medium
* SECURITY UPDATE: execution of restricted php methods
- debian/patches/CVE-2021-21408.patch: Prevent evasion of the
static_classes security policy in
lexer/smarty_internal_templateparser.y and
libs/sysplugins/smarty_internal_templateparser.php.
- CVE-2021-21408
* SECURITY UPDATE: code injection through math function
- debian/patches/CVE-2021-29454-1.patch: verify if the input to
the math function is a mathematical expression in
libs/plugins/function.math.php.
- debian/patches/CVE-2021-29454-2.patch: fix to support multiple
operators in math equations in
libs/plugins/function.math.php.
- debian/patches/CVE-2021-29454-3.patch: fix to allow multiple
parameters in mathematical functions in
libs/plugins/function.math.php.
- CVE-2021-29454
* Fix for compatibility with php 8.1.
- debian/patches/php8-1compatibility.patch
Date: Wed, 23 Mar 2022 16:00:18 +0100
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1
-------------- next part --------------
Format: 1.8
Date: Wed, 23 Mar 2022 16:00:18 +0100
Source: smarty3
Built-For-Profiles: noudeb
Architecture: source
Version: 3.1.39-2ubuntu1
Distribution: jammy
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Changes:
smarty3 (3.1.39-2ubuntu1) jammy; urgency=medium
.
* SECURITY UPDATE: execution of restricted php methods
- debian/patches/CVE-2021-21408.patch: Prevent evasion of the
static_classes security policy in
lexer/smarty_internal_templateparser.y and
libs/sysplugins/smarty_internal_templateparser.php.
- CVE-2021-21408
* SECURITY UPDATE: code injection through math function
- debian/patches/CVE-2021-29454-1.patch: verify if the input to
the math function is a mathematical expression in
libs/plugins/function.math.php.
- debian/patches/CVE-2021-29454-2.patch: fix to support multiple
operators in math equations in
libs/plugins/function.math.php.
- debian/patches/CVE-2021-29454-3.patch: fix to allow multiple
parameters in mathematical functions in
libs/plugins/function.math.php.
- CVE-2021-29454
* Fix for compatibility with php 8.1.
- debian/patches/php8-1compatibility.patch
Checksums-Sha1:
0127e298d968b2baec34a547419f29e40b3415f3 2058 smarty3_3.1.39-2ubuntu1.dsc
f004472be25e0c88f6a233ee3cb737c211e2c39c 9712 smarty3_3.1.39-2ubuntu1.debian.tar.xz
84ef00bb64eeeb2102adda49823c20288a6c05a4 6956 smarty3_3.1.39-2ubuntu1_source.buildinfo
Checksums-Sha256:
cb742d3af60a9825b4666e7083882bc83be3c6d90977459238d76f2f04496181 2058 smarty3_3.1.39-2ubuntu1.dsc
1ff6fe037394f0cf6e4dc63d99d0188199dc7d0a6c75c01cdf60048833de4365 9712 smarty3_3.1.39-2ubuntu1.debian.tar.xz
517db92c89e6d322f46bf64d529f4b15a46f5aadbeea9d4e900beb2cac6da30e 6956 smarty3_3.1.39-2ubuntu1_source.buildinfo
Files:
2e832b94cfc113f2bd1aa9bfba4defe0 2058 web optional smarty3_3.1.39-2ubuntu1.dsc
e92476e6a15e440e4330e6b97080a9e8 9712 web optional smarty3_3.1.39-2ubuntu1.debian.tar.xz
f6b32637fe26df36b75c6bc041116eec 6956 web optional smarty3_3.1.39-2ubuntu1_source.buildinfo
Original-Maintainer: Mike Gabriel <sunweaver at debian.org>