Univention Bugzilla – Bug 53041
smarty3: Multiple issues (4.4)
Last modified: 2021-04-17 15:18:44 CEST
New Debian smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2 fixes: This update addresses the following issues: * 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2 (Sun, 04 Apr 2021 12:45:17 +0530) * Non-maintainer upload by the Debian LTS Team. * Fix CVE-2018-13982, CVE-2021-26119, CVE-2021-26120 * Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. (CVE-2018-16831)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2.dsc @@ -1,3 +1,8 @@ +3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2 [Sun, 04 Apr 2021 12:45:17 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * Fix CVE-2018-13982, CVE-2021-26119, CVE-2021-26120 + 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1 [Sun, 14 Jan 2018 13:16:25 +0100] Mike Gabriel <sunweaver@debian.org>: * debian/patches: <http://piuparts.knut.univention.de/4.4-7/#1298948259542724911>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x953>