2 security issues in stretch
There are 2 open security issues in stretch.
Please fix them.
2 important issues:
- CVE-2018-16831: Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir protection mechanism via a file:./../ substring in an include statement.
- CVE-2018-13982: Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the executed template code to bypass the trusted directory security restriction and read arbitrary files.
Standards version of the package is outdated.
The package should be updated to follow the last version of Debian Policy
(Standards-Version 4.4.0 instead of