UbuntuUpdates.org

Package "smarty3"

Name: smarty3

Description:

Smarty - the compiling PHP template engine

Latest version: 3.1.39-2ubuntu1.22.04.2
Release: jammy (22.04)
Level: updates
Repository: universe
Homepage: http://www.smarty.net/

Other versions of "smarty3" in Jammy

Repository  Area      Version
base        universe  3.1.39-2ubuntu1
security    universe  3.1.39-2ubuntu1.22.04.2

Changelog

Version: 3.1.39-2ubuntu1.22.04.2 2024-12-13 02:07:08 UTC

  smarty3 (3.1.39-2ubuntu1.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Cross site scripting vulnerability
    - debian/patches/CVE-2018-25047.patch: Applied appropriate
      javascript and html escaping in mailto plugin to counter injection
      attacks.
    - debian/patches/CVE-2023-28447.patch: Implement fix and tests
    - debian/patches/CVE-2024-35226.patch: Fixed a code injection
      vulnerability in extends-tag.
    - CVE-2018-25047
    - CVE-2023-28447
    - CVE-2024-35226

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 29 Nov 2024 10:49:51 -0300

CVE-2018-25047 In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that coul
CVE-2023-28447 Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerabilit
CVE-2024-35226 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template aut

Version: 3.1.39-2ubuntu1.22.04.1 2023-04-12 15:06:55 UTC

  smarty3 (3.1.39-2ubuntu1.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: PHP code injection by malicious block or filename
    - debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
      defining a new escaping function in
      libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
      multiple files: libs/sysplugins/smarty_internal_compile_block.php,
      libs/sysplugins/smarty_internal_compile_function.php,
      libs/sysplugins/smarty_internal_compile_include.php,
      libs/sysplugins/smarty_internal_config_file_compiler.php,
      libs/sysplugins/smarty_internal_runtime_codeframe.php, and
      libs/sysplugins/smarty_internal_templatecompilerbase.php.
    - CVE-2022-29221

 -- George-Andrei Iosif <email address hidden> Mon, 10 Apr 2023 17:18:37 +0300

CVE-2022-29221 Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.


