Ubuntu
smarty3 package

smarty3 3.1.39-2ubuntu1.22.04.1 source package in Ubuntu

Changelog

smarty3 (3.1.39-2ubuntu1.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: PHP code injection by malicious block or filename
    - debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
      defining a new escaping function in
      libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
      multiple files: libs/sysplugins/smarty_internal_compile_block.php,
      libs/sysplugins/smarty_internal_compile_function.php,
      libs/sysplugins/smarty_internal_compile_include.php,
      libs/sysplugins/smarty_internal_config_file_compiler.php,
      libs/sysplugins/smarty_internal_runtime_codeframe.php, and
      libs/sysplugins/smarty_internal_templatecompilerbase.php.
    - CVE-2022-29221

 -- George-Andrei Iosif <email address hidden>  Mon, 10 Apr 2023 17:18:37 +0300

Upload details

Uploaded by:
George-Andrei Iosif
Uploaded to:
Jammy
Original maintainer:
Ubuntu Developers
Architectures:
all
Section:
web
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Jammy updates universe web
Jammy security universe web

Builds

Jammy: [FULLYBUILT] amd64

Downloads

File Size SHA-256 Checksum
smarty3_3.1.39.orig.tar.gz 258.4 KiB d89ed84ed9bdf2697df9fb867acb03514ddafc8322e1b31860168adec91e70c2
smarty3_3.1.39-2ubuntu1.22.04.1.debian.tar.xz 10.7 KiB a0862c8257a0ebd4b1c448e515c3a7d0861364bf680df9d9daeda248095bd82a
smarty3_3.1.39-2ubuntu1.22.04.1.dsc 1.9 KiB 87cd769fe20c61ff338ec9fcc8388e527aa1cf2ba4cb4e865cc6160650f97ed9

View changes file

Binary packages built by this source

smarty3: Smarty - the compiling PHP template engine

 Smarty is a template engine for PHP. More specifically, it
 facilitates a manageable way to separate application logic and content
 from its presentation.
 .
 Smarty 3.1 is a departure from 2.0 compatibility. Most notably, all
 backward compatibility has been moved to a separate class file named
 SmartyBC.class.php. If you require compatibility with 2.0, you will
 need to use this class.