-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Sun, 29 May 2022 07:58:20 +0200 Source: smarty4 Architecture: source Version: 4.1.1-1 Distribution: unstable Urgency: medium Maintainer: Mike Gabriel <sunweaver@debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 1010375 1011757 Changes: smarty4 (4.1.1-1) unstable; urgency=medium . * New upstream release. - CVE-2021-21408: Prevent template authors from running restricted static php methods. (Closes: #1010375). - CVE-2021-29454: Prevent template authors from running arbitrary PHP code by crafting a malicious math string. (Closes: #1010375, as well). - CVE-2022-29221: Prevent template authors from injecting PHP code by choosing malicious filenames. (Closes: #1011757). * debian/control: + Bump Standards-Version: to 4.6.1. No changes needed. * debian/smarty4.docs: + Drop demo/ from documentation files. Folder removed upstream. * debian/copyright: + Update copyright attributions. Checksums-Sha1: e63f1e6899e030785fc8559e34576e9d74457507 1973 smarty4_4.1.1-1.dsc caf00055f53d86370bbc91a2048810e7bb157c4f 235624 smarty4_4.1.1.orig.tar.gz ac9f2bf465c54a84a8b8a1fcfd2a9ba3fda69289 8684 smarty4_4.1.1-1.debian.tar.xz 23783cdb7ea6d64133c66ea94ac9615935f875c2 6776 smarty4_4.1.1-1_source.buildinfo Checksums-Sha256: 18178ffd0e97255897c95c8678aec3d1a08686a786d72420f309dafae6711868 1973 smarty4_4.1.1-1.dsc 077847a9686a3b0e2f8bcd1ca232a452d796b188a71fbc73ca0e358c5970f21b 235624 smarty4_4.1.1.orig.tar.gz 0ea3e9674769de094f8f8ffce9c75142ebd057a47c51883c01814f8be7002dbf 8684 smarty4_4.1.1-1.debian.tar.xz 179dcac50f9d42bccefbe867580823257063fd72b91b8b1015032b624c715736 6776 smarty4_4.1.1-1_source.buildinfo Files: 59dbeb471d779e66d58abfd28f7d70b3 1973 web optional smarty4_4.1.1-1.dsc 19f86d232cc97b7d92b01ea1c67ade70 235624 web optional smarty4_4.1.1.orig.tar.gz 21df9c28f8c33b35ee8fb9646b4af00e 8684 web optional smarty4_4.1.1-1.debian.tar.xz 7ec01bf3198dd71593dbd264a028e523 6776 web optional smarty4_4.1.1-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmKTDSsVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxb4AP/06Naadf+7TVQp+XpbozQt9yNyOu wNHpsFPiWmDN37RZvVzRu9ehn4fKHoG08P4wIRNvFA0JqLa85KkbJMn5KRYYMCVD UHXR4/vMEoaX5ie7/sxFefQOqFhVmZCgGd9Nbs542U9PMDYa2FJ1ia9FvRN0cMyZ oewtwO/YagFZM/ypmQqqHCfi6addsVGc9CCPtKv+4eN5u1KZPS+qYlIDTyW/G1UT yLwqGEm1W4hNEeOjSIIYEaGsFbv+DI55JE+4CSISnCd/jREw3/U5wfwczRo55xaK NqfHQMpJwKFXq6llBmCzCjuIGxwPHkVOU9JHHFqyZ7KBbwPkILRSn7ofg3Qj/Yme 1kuI2iMeBxVBwQG6XfehPzdOuc7c/SEQvLiGuUMYC/OJ8QI+ipzrFRPW4l7LrNxZ nmI8VFfbC6UuhOFCKijstm5/aUZJ2JS20/dpBWe/fRqTM+kkfP+DxfVXvoN4n+ij AxcZWIvz2cPyS5/e0+bvsotY3v5KbWnyCKqLGSy11i2f4DL/zFOGPcbcMZwyZVMj n0U3n2hG1pD6rQ3475q9z/ntrM34SWCWd77CG18R6A0E2ajEFd/1GzIpRn2sW9d9 CIdgRQUTuI28XHzROQjW650aCF0oAmaqwLbOXDzC4WSaNbhHNLQFvNdzAUhyIFFG Hgbv7k9G7AuSpINQ =YJxu -----END PGP SIGNATURE-----
