Univention Bugzilla – Bug 53985
smarty3: Multiple issues (4.4)
Last modified: 2021-10-28 18:15:56 CEST
New Debian smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4 fixes: Fix regression from UCS erratum 961: * Path traversal vulnerability due to insufficient template code sanitization (CVE-2018-13982)
--- mirror/ftp/4.4/unmaintained/4.4-8/source/smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4.dsc @@ -1,3 +1,15 @@ +3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4 [Tue, 19 Oct 2021 23:50:14 +0200] Markus Koschany <apo@debian.org>: + + * Non-maintainer upload by the LTS Security Team. + + [ Abhijith PA ] + * Use the correct DIRECTORY_SEPARATOR constant instead of $this-ds in + smarty_security.php. (Closes: #989141) + + [ Markus Koschany ] + * Backport the missing fix for CVE-2018-13982 in the Smarty.class.php + getter function. + 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u3 [Thu, 15 Apr 2021 15:18:24 +0530] Abhijith PA <abhijith@debian.org>: * Non-maintainer upload by the Debian LTS Team. <http://piuparts.knut.univention.de/4.4-8/#1298948259540559861>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] d11d84b256 Bug #53985: smarty3_3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u4 doc/errata/staging/smarty3.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1076>