Format: 1.8
Date: Sun, 29 May 2022 14:14:35 CEST
Source: smarty3
Architecture: source
Version: 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Mike Gabriel <sunweaver@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Changes:
 smarty3 (3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u1) buster-security; urgency=high
 .
   * Non-maintainer upload.
   * Fix the following CVE:
     - CVE-2021-21408: template authors could run restricted static php
       methods
     - CVE-2021-29454: template authors could run arbitrary PHP code by
       crafting a malicious math string
     - CVE-2022-29221: template authors could inject php code by choosing a
       malicious {block} name or {include} file name
     - CVE-2021-26119: Sandbox Escape because $smarty.template_object can be
       accessed in sandbox mode
     - CVE-2021-26120: code injection via an unexpected function name