Changelog
smarty3 (3.1.39-2ubuntu1) jammy; urgency=medium

  * SECURITY UPDATE: execution of restricted php methods
    - debian/patches/CVE-2021-21408.patch: Prevent evasion of the
      static_classes security policy in
      lexer/smarty_internal_templateparser.y and
      libs/sysplugins/smarty_internal_templateparser.php.
    - CVE-2021-21408
  * SECURITY UPDATE: code injection through math function
    - debian/patches/CVE-2021-29454-1.patch: verify if the input to
      the math function is a mathematical expression in
      libs/plugins/function.math.php.
    - debian/patches/CVE-2021-29454-2.patch: fix to support multiple
      operators in math equations in
      libs/plugins/function.math.php.
    - debian/patches/CVE-2021-29454-3.patch: fix to allow multiple
      parameters in mathematical functions in
      libs/plugins/function.math.php.
    - CVE-2021-29454
  * Fix for compatibility with php 8.1.
    - debian/patches/php8-1compatibility.patch

 -- David Fernandez Gonzalez <email address hidden>  Wed, 23 Mar 2022 16:00:18 +0100