Debian Security Advisory
DLA-452-1 smarty3 -- LTS security update
- Date Reported: 03 May 2016
- Affected Packages: smarty3
- Vulnerable: Yes
- Security database references: In the Debian bugtracking system: Bug 765920. In Mitre's CVE dictionary: CVE-2014-8350.
- More information:
Smarty3, a template engine for PHP, allowed remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
For Debian 7 Wheezy, these problems have been fixed in version 3.1.10-2+deb7u1. We recommend that you upgrade your smarty3 packages.
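
A defensive check for the pattern quoted above, as an added example that is not part of the advisory or of Smarty: it scans template text for a PHP `<script language=php>` open tag, including one assembled across `{literal}` markers. The function names, the default `{`/`}` delimiters and the accepted spellings of the tag are assumptions of this example.

```python
import re

# Smarty {literal} / {/literal} markers (default delimiters assumed).
LITERAL_TAG = re.compile(r"\{/?literal\}")
# PHP's "<script language=php>" open tag, quoted or unquoted (assumed spellings).
PHP_SCRIPT_TAG = re.compile(
    r"<script\s+language\s*=\s*(?:php|\"php\"|'php')\s*>", re.IGNORECASE)


def flatten(text):
    """Drop {literal} markers; return the result and, for each kept
    character, its offset in the original text."""
    kept, origin, pos = [], [], 0
    for m in LITERAL_TAG.finditer(text):
        kept.append(text[pos:m.start()])
        origin.extend(range(pos, m.start()))
        pos = m.end()
    kept.append(text[pos:])
    origin.extend(range(pos, len(text)))
    return "".join(kept), origin


def find_php_script_tags(template):
    """Return (line, split_by_literal, original_span) for each PHP script
    tag that exists once {literal} markers are removed."""
    flat, origin = flatten(template)
    hits = []
    for m in PHP_SCRIPT_TAG.finditer(flat):
        start, end = origin[m.start()], origin[m.end() - 1] + 1
        span = template[start:end]
        line = template.count("\n", 0, start) + 1
        # split_by_literal is True when markers sat inside the tag itself.
        hits.append((line, span != m.group(0), span))
    return hits


# Constructed sample templates; the first embeds the string quoted in the advisory.
SAMPLES = {
    "split.tpl": "Hello {$name}\n{literal}<{/literal}script language=php>\n",
    "plain.tpl": "<script language=\"php\">\n",
    "benign.tpl": "{literal}<script type=\"text/javascript\">{/literal}\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        for line, split, span in find_php_script_tags(body):
            kind = "split with {literal}" if split else "plain"
            print(f"{name}:{line}: PHP script tag ({kind}): {span!r}")
```

A hit flagged as split with `{literal}` in a template from an untrusted author is worth reviewing even after the package upgrade, since it indicates an attempt to hide the tag from a filter.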