|
|
Subscribe / Log in / New account

Debian-LTS alert DLA-452-1 (smarty3)



From:
    	      Markus Koschany <apo@debian.org> 


To:
    	      debian-lts-announce@lists.debian.org 


Subject:
    	      [SECURITY] [DLA 452-1] smarty3 security update 


Date:
    	      Tue, 3 May 2016 17:37:50 +0200


Message-ID:
    	      <5728C5CE.9030803@debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : smarty3
Version        : 3.1.10-2+deb7u1
CVE ID         : CVE-2014-8350
Debian Bug     : 765920

Smarty3, a template engine for PHP, allowed remote attackers to bypass
the secure mode restrictions and execute arbitrary PHP code as
demonstrated by "{literal}<{/literal}script language=php>" in a
template.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1.10-2+deb7u1.

We recommend that you upgrade your smarty3 packages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXKMXOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hk+A4P/3BV5ruW9JbFToy9ac1JLYKg
M1ULaFfX0wf5Vj3GVCKC0+p7HMvfFbvpcgZlTOKqGL1My+PBUZV9z4vNu5rQleIE
B63A98Ii8lSasOI6baGNFeCg1aniQt8SM6Qa3f3MrMlsHgv7ejrTNGVQvIJo7eYX
8KzJGrKA/EBBhzE+EDRRAtf98z/ziVSmvJEMdn5FyJkG7AW/N5Xhw+QvKncEv1PX
xiK6HOvgyJPkJv1RB1QylRAG00Aonmue44s0LTVGnlNB8unWZGeHXIpbFYM+dHop
KzGePhcok0kC2xXNgnpYUdBJNWYwDJ2vIMiTP1Lg6JIzRvB/upoTwYAmShF8OMO8
yrr9pIM+gTZEy4Rk9jPRRt5Ff6sKQ8MSydoy9AGUGXsUmgbRZr37evjJUj6htXfZ
5x15LX6scIS2vKYM8OjEvf0Y1nE6A24kQI1gzC+NH+qB+IDVYqeuP+yff8uKOw2r
XrIeL0r1BpLC0L3wzz3cdx6ymXZvaxxWjOsRAD+y8QqwyE3sRV4G/0ZOAZG16tEV
eP60TfIwMzHIfKT7TQaETi7cMp4TBw6FYrfnJm9898GDhgsvWBxZRH7zMMmcr0+7
8mT75eQ1Sqa2Gx2sJ5QjvbQkQAhcZUW5OZZwyXXY5mx/jl+kOvlesYjhSblrUhvS
KhTnjR91mp368wLsqID+
=X5CK
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds