Format: 1.8 Date: Wed, 23 Mar 2022 16:00:18 +0100 Source: smarty3 Binary: smarty3 Built-For-Profiles: noudeb Architecture: all Version: 3.1.39-2ubuntu1 Distribution: kinetic Urgency: medium Maintainer: Launchpad Build Daemon Changed-By: David Fernandez Gonzalez Description: smarty3 - Changes: smarty3 (3.1.39-2ubuntu1) jammy; urgency=medium . * SECURITY UPDATE: execution of restricted php methods - debian/patches/CVE-2021-21408.patch: Prevent evasion of the static_classes security policy in lexer/smarty_internal_templateparser.y and libs/sysplugins/smarty_internal_templateparser.php. - CVE-2021-21408 * SECURITY UPDATE: code injection through math function - debian/patches/CVE-2021-29454-1.patch: verify if the input to the math function is a mathematical expression in libs/plugins/function.math.php. - debian/patches/CVE-2021-29454-2.patch: fix to support multiple operators in math equations in libs/plugins/function.math.php. - debian/patches/CVE-2021-29454-3.patch: fix to allow multiple parameters in mathematical functions in libs/plugins/function.math.php. - CVE-2021-29454 * Fix for compatibility with php 8.1. - debian/patches/php8-1compatibility.patch Checksums-Sha1: 6551aaa53aa8f8a7cd7055c9720b516c5d9be39d 169934 smarty3_3.1.39-2ubuntu1_all.deb 8d76f71fdae6490a83bd354f47ef1615dee5fd89 6326 smarty3_3.1.39-2ubuntu1_amd64.buildinfo Checksums-Sha256: 2cb133e93a509d20b8327151b6b61c24519eeb63ec2dd750ded86fa1959c1238 169934 smarty3_3.1.39-2ubuntu1_all.deb e8488c734df0b5d8d1dab552fb04f64e1fb5a5d576adf89c5d28b2fe80dba41a 6326 smarty3_3.1.39-2ubuntu1_amd64.buildinfo Files: 72eb873c93907f936f40300fe6067c49 169934 web optional smarty3_3.1.39-2ubuntu1_all.deb 4bd55fcdb4e832358772e540a269dc68 6326 web optional smarty3_3.1.39-2ubuntu1_amd64.buildinfo Original-Maintainer: Mike Gabriel