-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 29 May 2022 14:20:14 CEST Source: smarty3 Architecture: source Version: 3.1.39-2+deb11u1 Distribution: bullseye-security Urgency: high Maintainer: Mike Gabriel <sunweaver@debian.org> Changed-By: Markus Koschany <apo@debian.org> Checksums-Sha1: 1a88cbf75e438d8b749895211b5b8f2e5d7b2fbf 2134 smarty3_3.1.39-2+deb11u1.dsc 29e48338fca86c78d910fbe3bb8d31145597d610 264604 smarty3_3.1.39.orig.tar.gz dbc6d2c9c34dde809f90cdbb35cbabced3e1be1c 9032 smarty3_3.1.39-2+deb11u1.debian.tar.xz aaa3450771caa78f79479330a87f404ebb491e97 6802 smarty3_3.1.39-2+deb11u1_amd64.buildinfo Checksums-Sha256: 7a3791a709f79b840375f7f3ab384f56a5db94f9e2b60d1db2008526aac12423 2134 smarty3_3.1.39-2+deb11u1.dsc d89ed84ed9bdf2697df9fb867acb03514ddafc8322e1b31860168adec91e70c2 264604 smarty3_3.1.39.orig.tar.gz 3af7564d1dc9fc93df05926173ba30e9718c5f7786c42091e5001948e36ccfce 9032 smarty3_3.1.39-2+deb11u1.debian.tar.xz 4ae5ca05fb7998736bc9987eeff7679ad67ac22694fdf19f1fa68f2e7e8dcb08 6802 smarty3_3.1.39-2+deb11u1_amd64.buildinfo Changes: smarty3 (3.1.39-2+deb11u1) bullseye-security; urgency=high . * Non-maintainer upload. * Fix the following CVE: - CVE-2021-21408: template authors could run restricted static php methods - CVE-2021-29454: template authors could run arbitrary PHP code by crafting a malicious math string - CVE-2022-29221: template authors could inject php code by choosing a malicious {block} name or {include} file name Files: 77f301398ebb74e7fbfe29ff5898db35 2134 web optional smarty3_3.1.39-2+deb11u1.dsc b2c0e57209c893ceebc2997025d50bb5 264604 web optional smarty3_3.1.39.orig.tar.gz 63599047a276d4ab3f01cd8fda7c6986 9032 web optional smarty3_3.1.39-2+deb11u1.debian.tar.xz 40d945967fe1bf0ab35742fcd2a701c3 6802 web optional smarty3_3.1.39-2+deb11u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmKTZQtfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk504QAJZqk+tCy/wkBJ0byxN2OWiJ7pJJA6BqQib8 FBbZR8Dtdylw1vP3o+QkBfx9bh2RNIL0CYYAx18uxHK8tJDfvvyforJtBfgriXhX G5+pAFGfgmszAlSD6fY7OdokyC21B07dCmbPVFI57sxavDzEUFqoZ7Sdo6DP8z2K c3rtpi2ctyEap47KwBP9gntpmU/VjHSSXBM1J71qlPa15rtvXPfqKzZADoGc1V+O 8JKGaqsprbwBADhl+tw74a2iQHX+1M+CU0opbPreA03jbB+Dd8zxu034kq94/IvJ +k0+M4HmxAyXnyxStRAHldZhfMVXeFHL8j1Je958nWGaW5LxlucI7FOthOo3DNop rmKjKk5FzYR5C6YyZZoaUCSUGAKDMq5uioNugqRjJ1ofUO6y+ubSR0XDlmfVNUeu L3BdC+cuc0gN8vyg3w4E17V+q2QLDJmp9AF+T/k4entpCX5MgmhKLfzRMhgsWKN/ /qVbZT1/djAGwlRK9SuNYT5j8pCZ5hCENlNVHDMljkghssuyBunHUgwB0BOM9y2H CyCJvDShsZiIRJMw3ukJPpAXZUVvtPwMrGhkd6CcaEXvXpZeVMvWE9H5CuMXC7Nf ipiRPc4L2B0u3L6qPErpg0jifK4FqMmSSjuRI3z+6v5zLAEl8/lp2rj+UpUyb/Ra qR7O1v5d =2XlT -----END PGP SIGNATURE-----