Univention Bugzilla – Bug 53119
smarty3: Multiple issues (4.4) regression
Last modified: 2021-04-21 16:56:58 CEST
3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u{2 -> 3}

+++ This bug was initially created as a clone of Bug #53041 +++

Regression

smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u{2 -> 3}:
* Fix CVE-2018-13982, CVE-2021-26119, CVE-2021-26120
* Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement. (CVE-2018-16831)

Already cherry-picked to UCS 4.4.8
--- mirror/ftp/4.4/unmaintained/component/4.4-7-errata/source/smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2.dsc +++ apt/ucs_4.4-0-errata4.4-7/source/smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3.dsc @@ -1,3 +1,8 @@ +3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3 [Thu, 15 Apr 2021 15:18:24 +0530] Abhijith PA <abhijith@debian.org>: + + * Non-maintainer upload by the Debian LTS Team. + * Regression update. + 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2 [Sun, 04 Apr 2021 12:45:17 +0530] Abhijith PA <abhijith@debian.org>: * Non-maintainer upload by the Debian LTS Team. <http://piuparts.knut.univention.de/4.4-7/#1298948259543807436>
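Review bot: The added deb9u3 changelog entry says only "Regression update." and does not name what regressed or which change in deb9u2 introduced it. A line identifying the regression and the report it resolves would let anyone reading the changelog judge whether an installation running deb9u2 is affected and whether this upload changes any of the security fixes.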
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[4.4-7] 1f5b527150 Bug #53119: smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3
 doc/errata/staging/smarty3.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

[4.4-7] 4578176301 Bug #53119: smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2
 doc/errata/staging/smarty3.yaml | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x961>