[SECURITY] [DLA 1249-1] smarty3 security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : smarty3
Version : 3.1.10-2+deb7u2
CVE ID : CVE-2017-1000480
Debian Bug : #886460
It was discovered that there was a code-injection vulnerability in smarty3,
a PHP template engine.
A via specially-crafted filename in comments could result in arbitray code
execution. Thanks to Mike Gabriel for backporting the patch.
For Debian 7 "Wheezy", this issue has been fixed in smarty3 version
3.1.10-2+deb7u2.
We recommend that you upgrade your smarty3 packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlph2IIACgkQHpU+J9Qx
HljxVBAAwRdTZDv7EQ+aUBeXXEWoo983uOksMc95FXuRxaixwJTqOXoXqVlbshnm
wZJ2Skbes9MwPchMbcnow/3ahJcCQuJ6aBsy4y+J5UPTO0WkBVOoHiP+YojURA4e
fZxA2+K72xMd0Ry4wWwczl8aD/OFCIDDsJIYry9Q9PZ9b/YdBgO+0JwmjHbxBni1
BR5d+1RfXkwsM6Z7YuynUFa5GVbFNyxyHugYPLI1ar0vXDuZjlRNfW8sBqCmv81p
ev3DlYpFb16KwEGi18mV1YNSPC40KvewUajhcpbyYZ5UpfXlhj69jTbG3fKJZVFs
bgdMV1a3sMuYk6EfnUz1tWoD1RzeRb07H4VFtkz/w6Oy2k3MoEn2NtYsbYnUO6H/
SHSRWZWme6mVQbLpxhUTdQ2spqo1LKTgNgakEy/LnmSxi5ZzJENQguAkqPIMlinr
QLGwVjYvbSaKcXinnYe9oK5NOoxsyzxEk4GY6BV2tYDeg020otuw+QBZ2v2mwzJN
qmh3FSQvEmRqXC1y104+XzH/XExP4Gdq8hj/qRSg8/F0iG6soXVNsu8vW19V9Sv+
2AFE+ps9jcLYqkvZ+uciGjab10z4f3i5rjCGZ7mX8mYmw1M7/+Tobzqx0SAJf9tk
vbUJZHOJKAOoU+e8eJXcWynmR3nCJPxEWyfcTK5peKXTqVkfZK4=
=5WPF
-----END PGP SIGNATURE-----
Reply to: