
[SECURITY] [DLA 1249-2] smarty3 regression update



Package        : smarty3
Version        : 3.1.10-2+deb7u3
CVE ID         : CVE-2017-1000480
Debian Bug     : #886460

It was previously discovered that there was a code-injection vulnerability in
smarty3, a PHP template engine. A specially crafted filename in comments
could result in arbitrary code execution.

However, the fix in 3.1.10-2+deb7u2 was incorrect. For Debian 7 "Wheezy",
this regression has been addressed in smarty3 version 3.1.10-2+deb7u3.

We recommend that you upgrade your smarty3 packages.


Regards,

- -- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-


