-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 30 May 2022 08:24:30 +0200 Source: smarty3 Architecture: source Version: 3.1.45-1 Distribution: unstable Urgency: medium Maintainer: Mike Gabriel <sunweaver@debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 1011758 Changes: smarty3 (3.1.45-1) unstable; urgency=medium . * New upstream release. - CVE-2021-21408: Prevent template authors from running restricted static php methods. (see smarty4 bug #1010375). - CVE-2021-29454: Prevent template authors from running arbitrary PHP code by crafting a malicious math string. (see smarty4 bug #1010375, as well). - CVE-2022-29221: Prevent template authors from injecting PHP code by choosing malicious filenames. (Closes: #1011758). * debian/watch: + Only watch 3.x versions of Smarty. * debian/control: + Bump Standards-Version: to 4.6.1. No changes needed. * debian/copyright: + Update copyright attributions. Checksums-Sha1: 63ceee77103b035d6f069c36e24d7172d4bd72dc 1980 smarty3_3.1.45-1.dsc 5125692feefb89d40e5a08ea586d22a2b1e21c0d 265781 smarty3_3.1.45.orig.tar.gz 4c25d3866cf57a4863f765a5ec617842457b051a 5780 smarty3_3.1.45-1.debian.tar.xz 1103fce3b88174d4b4669176d63bb655981d2823 6780 smarty3_3.1.45-1_source.buildinfo Checksums-Sha256: 19dae472ffbc91d1834036fce8b9f5862e479f83e8c737b72562e817b1947da9 1980 smarty3_3.1.45-1.dsc 4e8dcc8b52ea097b93d32aa432cb552547568ae328505d25af078d63354a9a83 265781 smarty3_3.1.45.orig.tar.gz c4edf77410cae38bf829f0a90ee1f7fb18d62b6386101e851450eb9abd07a8b7 5780 smarty3_3.1.45-1.debian.tar.xz b86b89e55e7eccfe82ec1f9f751ae079694aef9fa542908b6926dfe59284c358 6780 smarty3_3.1.45-1_source.buildinfo Files: 266cff1a53aca7cb2e77ffa9a2d8b007 1980 web optional smarty3_3.1.45-1.dsc c1b5d7acb43485c43973f0fb1e0d64c6 265781 web optional smarty3_3.1.45.orig.tar.gz 8ebcbddef610a7961748465ee462bf29 5780 web optional smarty3_3.1.45-1.debian.tar.xz 2ec7321bf307044062d4b38b77e16568 6780 web optional smarty3_3.1.45-1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmKUY7gVHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxwIEP/2WPOapeZS4HKe/PQxq4olraSljS PYc6fCzOgJQSJ8S/Yh+IuCFS63bXTbQsJ3W2D9HY6mPthazDUSXq8sexQnGULR8l E7JVtJzCR4zkvuD2/r4yuN7fl8LGvIci5uFJ1OkIXls1scMnKxwMGJnkM7AYPmsj 6sEYqkUbXCfOFzQSFfUcSbv8kBigzTRgfaqxCuFpLI1S8oNsUWsWH5MICBIBBcRL oR16HcacKVPmAolm5YhuoeePVy55pBijFFApc8NAJrytcy1We1uNVlO+o77LoDzi 9UJgyhow300zCaIidqByyxBZah0k9stmA90E70thFSQoiVazLoNGLvV8uUMj5Df2 MQTEB1wIbOw1QjPJQneTaPcjusywtA5NEnWETAFai70VNC61qf2XCsfq3E4q/Y5V f25l9SBLtYjTu1hDeHS1GGopklNX/ZqZXkEH9T0RcqiYnLt5GnoDH+aPvCg+urwn iKgZZHyRWkTsJY5uQDlQulcgXekBLcrxClx7EmLJqpOrQeV7414vKCZYX7VJuwSO M7Xl7N0v5fCZAbRsJvckZCwM1lliyhfjca6y9NF75dcMFiCxME8hAwTooc76gd+V 6G9jvfhHWHHqdxUE3HupChGV9lBUVRpYHz8/T3nfDJMdL1yCpA54zJF+53dBU5HN M6QEO3nj20bxsU7E =gA49 -----END PGP SIGNATURE-----
