[ubuntu/kinetic-updates] smarty3 3.1.39-2ubuntu1.22.10.1 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Wed Apr 12 13:28:10 UTC 2023


smarty3 (3.1.39-2ubuntu1.22.10.1) kinetic-security; urgency=medium

  * SECURITY UPDATE: PHP code injection by malicious block or filename
    - debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
      defining a new escaping function in
      libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
      multiple files: libs/sysplugins/smarty_internal_compile_block.php,
      libs/sysplugins/smarty_internal_compile_function.php,
      libs/sysplugins/smarty_internal_compile_include.php,
      libs/sysplugins/smarty_internal_config_file_compiler.php,
      libs/sysplugins/smarty_internal_runtime_codeframe.php, and
      libs/sysplugins/smarty_internal_templatecompilerbase.php.
    - CVE-2022-29221

Date: 2023-04-12 09:31:09.430979+00:00
Changed-By: George-Andrei Iosif <andrei.iosif at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/smarty3/3.1.39-2ubuntu1.22.10.1