—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256
– ————————————————————————-
Debian Security Advisory DSA-4094-2 security@debian.org
https://www.debian.org/security/
January 30, 2018 https://www.debian.org/security/faq
– ————————————————————————-
Package : smarty3
CVE ID : CVE-2017-1000480
Debian Bug : 886460
Côme Chilliet from the FusionDirectory team detected a regression in the
previously issued fix for CVE-2017-1000480. This regression only affects
the Jessie version of the patch. For reference, the relevant part of the
original advisory text follows.
It was discovered that Smarty, a PHP template engine, was vulnerable to
code-injection attacks. An attacker was able to craft a filename in
comments that could lead to arbitrary code execution on the host running
Smarty.
For the oldstable distribution (jessie), this problem has been fixed
in version 3.1.21-1+deb8u2.
We recommend that you upgrade your smarty3 packages.
For the detailed security status of smarty3 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/smarty3
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
iQIzBAEBCAAdFiEEayzFlnvRveqeWJspbsLe9o/+N3QFAlpwrI8ACgkQbsLe9o/+
N3S2ThAAoTIBEBY7C7wZyHe00TMijKJh5Hjxtz7ApEzctO3+I8WCSm+90onW8W/J
W7+7eI9pNaVhWeK6yreO2rq/4qYMQvR2AJhA5L39k0JYQbTIIaCMSUXoCQ5ueP6X
IbXdlihcSFKxNpfqXZRBfg2M0k86RzUpIS1A4IJYpl4/pWG549JpXsoLxb9l/YgH
v81km+PA3SMXmkhZ7pfE/pQ/956hGCjd+qIRVkKdakZx+paxE6y24ltr2CGteQaN
IugRK0Fx7K9QhZrfsy6IrcoRn9Kz6QGStPJLNvV2doeM+ZUy7mT8sLHpIaEeu8U0
WElCxM8GAf9hfIYcrx1yAPV0KVj73HGluFeMTzijg7NtIb0fKTB/3i8uhN0Gw7MG
AftCzH5PHPiQj7PtcZOXBwQQssLaQzGRSCG5KgNiiAg27kwvYOcyhK6FtMmMcqjK
wF8M5mckuiCiqDSM4nuXrqiRt0viZkaLY2hIni09r0PaGIUKvQso1I/+X3QT3Bdr
6AzBgQxegCrZn9peduGCt8u1HS0jQH3X3rygptr33vtT6KerfgfehzCBFKQxhZJf
b1lGdABJyiLBqQlMNoFIML9TKcLSN4kfUn5gBhcdPVR8XykHLgSycnBww/2GK3dY
Vs5KGL+QhJ4CWPr0oSpypX0Upd+KL/0okGAaYcMLJw97VhNk2pE=
=r8LY
—–END PGP SIGNATURE—–