[ubuntu/jammy-security] smarty3 3.1.39-2ubuntu1.22.04.1 (Accepted)
George-Andrei Iosif
andrei.iosif at canonical.com
Wed Apr 12 12:01:03 UTC 2023
smarty3 (3.1.39-2ubuntu1.22.04.1) jammy-security; urgency=medium
* SECURITY UPDATE: PHP code injection by malicious block or filename
- debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
defining a new escaping function in
libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
multiple files: libs/sysplugins/smarty_internal_compile_block.php,
libs/sysplugins/smarty_internal_compile_function.php,
libs/sysplugins/smarty_internal_compile_include.php,
libs/sysplugins/smarty_internal_config_file_compiler.php,
libs/sysplugins/smarty_internal_runtime_codeframe.php, and
libs/sysplugins/smarty_internal_templatecompilerbase.php.
- CVE-2022-29221
Date: 2023-04-12 09:51:10.242887+00:00
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.04.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the jammy-changes
mailing list