
[SECURITY] [DLA 1249-1] smarty3 security update




Package        : smarty3
Version        : 3.1.10-2+deb7u2
CVE ID         : CVE-2017-1000480
Debian Bug     : #886460

It was discovered that there was a code-injection vulnerability in smarty3,
a PHP template engine.

A specially-crafted filename in comments could result in arbitrary code
execution. Thanks to Mike Gabriel for backporting the patch.

For Debian 7 "Wheezy", this issue has been fixed in smarty3 version
3.1.10-2+deb7u2.

We recommend that you upgrade your smarty3 packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-
