[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 452-1] smarty3 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : smarty3
Version        : 3.1.10-2+deb7u1
CVE ID         : CVE-2014-8350
Debian Bug     : 765920

Smarty3, a template engine for PHP, allowed remote attackers to bypass
the secure mode restrictions and execute arbitrary PHP code as
demonstrated by "{literal}<{/literal}script language=php>" in a
template.

For Debian 7 "Wheezy", these problems have been fixed in version
3.1.10-2+deb7u1.

We recommend that you upgrade your smarty3 packages.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQJ8BAEBCgBmBQJXKMXOXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBQ0YzRDA4OEVGMzJFREVGNkExQTgzNUZE
OUFEMTRCOTUxM0I1MUU0AAoJENmtFLlRO1Hk+A4P/3BV5ruW9JbFToy9ac1JLYKg
M1ULaFfX0wf5Vj3GVCKC0+p7HMvfFbvpcgZlTOKqGL1My+PBUZV9z4vNu5rQleIE
B63A98Ii8lSasOI6baGNFeCg1aniQt8SM6Qa3f3MrMlsHgv7ejrTNGVQvIJo7eYX
8KzJGrKA/EBBhzE+EDRRAtf98z/ziVSmvJEMdn5FyJkG7AW/N5Xhw+QvKncEv1PX
xiK6HOvgyJPkJv1RB1QylRAG00Aonmue44s0LTVGnlNB8unWZGeHXIpbFYM+dHop
KzGePhcok0kC2xXNgnpYUdBJNWYwDJ2vIMiTP1Lg6JIzRvB/upoTwYAmShF8OMO8
yrr9pIM+gTZEy4Rk9jPRRt5Ff6sKQ8MSydoy9AGUGXsUmgbRZr37evjJUj6htXfZ
5x15LX6scIS2vKYM8OjEvf0Y1nE6A24kQI1gzC+NH+qB+IDVYqeuP+yff8uKOw2r
XrIeL0r1BpLC0L3wzz3cdx6ymXZvaxxWjOsRAD+y8QqwyE3sRV4G/0ZOAZG16tEV
eP60TfIwMzHIfKT7TQaETi7cMp4TBw6FYrfnJm9898GDhgsvWBxZRH7zMMmcr0+7
8mT75eQ1Sqa2Gx2sJ5QjvbQkQAhcZUW5OZZwyXXY5mx/jl+kOvlesYjhSblrUhvS
KhTnjR91mp368wLsqID+
=X5CK
-----END PGP SIGNATURE-----


Reply to: