Debian Security Advisory

DLA-452-1 smarty3 -- LTS security update

Date Reported:
03 May 2016
Affected Packages:
smarty3
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 765920.
In Mitre's CVE dictionary: CVE-2014-8350.
More information:

Smarty3, a template engine for PHP, allowed remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.

For Debian 7 Wheezy, this problem has been fixed in version 3.1.10-2+deb7u1.

We recommend that you upgrade your smarty3 packages.
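
As an added example (not part of the advisory or of Smarty itself), the following Python sketch flags templates that contain the construct quoted above, so existing template directories can be reviewed alongside the upgrade. The function names and sample templates are constructed for illustration, and the match is a heuristic on template text, not a reimplementation of Smarty's parser.

```python
import re

# Smarty's {literal} delimiters emit their contents verbatim, so dropping the
# delimiters approximates the text the rendered template will contain.
LITERAL_TAGS = re.compile(r"\{/?literal\}", re.IGNORECASE)

# <script language=php>, tolerating quotes, case, whitespace, extra attributes.
PHP_SCRIPT_TAG = re.compile(
    r"<\s*script\b[^>]*\blanguage\s*=\s*[\"']?\s*php\b", re.IGNORECASE)


def find_php_script_tags(template_text):
    """Return (line_number, source_line) for each PHP script tag found."""
    # Removing the delimiters never removes a newline, so line numbers in the
    # stripped text still match the original file.
    stripped = LITERAL_TAGS.sub("", template_text)
    lines = template_text.split("\n")
    hits = []
    for match in PHP_SCRIPT_TAG.finditer(stripped):
        lineno = stripped.count("\n", 0, match.start()) + 1
        hits.append((lineno, lines[lineno - 1].strip()))
    return hits


def scan_templates(templates):
    """Map template name -> findings, omitting templates with no findings."""
    report = {}
    for name, text in templates.items():
        hits = find_php_script_tags(text)
        if hits:
            report[name] = hits
    return report


# Constructed sample templates (not taken from any real site).
SAMPLES = {
    "split.tpl": "Hello {$name}\n"
                 "{literal}<{/literal}script language=php>/* placeholder */</script>\n",
    "plain.tpl": '<SCRIPT language="PHP">/* placeholder */</SCRIPT>\n',
    "benign.tpl": '<script type="text/javascript">var a = 1;</script>\n',
}

if __name__ == "__main__":
    for name, hits in sorted(scan_templates(SAMPLES).items()):
        for lineno, line in hits:
            print(f"{name}:{lineno}: {line}")
```

A hit means the template needs manual review; it does not by itself show that the installed smarty3 package is still vulnerable.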