Package "smarty3"
Name: smarty3
Description: Smarty - the compiling PHP template engine
Latest version: 3.1.39-2ubuntu1.22.04.2
Release: jammy (22.04)
Level: security
Repository: universe
Homepage: http://www.smarty.net/
Changelog
smarty3 (3.1.39-2ubuntu1.22.04.2) jammy-security; urgency=medium

  * SECURITY UPDATE: Cross site scripting vulnerability
    - debian/patches/CVE-2018-25047.patch: Applied appropriate
      javascript and html escaping in mailto plugin to counter injection
      attacks.
    - debian/patches/CVE-2023-28447.patch: Implement fix and tests
    - debian/patches/CVE-2024-35226.patch: Fixed a code injection
      vulnerability in extends-tag.
    - CVE-2018-25047
    - CVE-2023-28447
    - CVE-2024-35226

 -- Paulo Flabiano Smorigo <email address hidden> Fri, 29 Nov 2024 10:49:51 -0300

CVE-2018-25047
In Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.mailto.php allows XSS. A web page that uses smarty_function_mailto, and that coul

CVE-2023-28447
Smarty is a template engine for PHP. In affected versions smarty did not properly escape javascript code. An attacker could exploit this vulnerabilit

CVE-2024-35226
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. In affected versions template aut

smarty3 (3.1.39-2ubuntu1.22.04.1) jammy-security; urgency=medium

  * SECURITY UPDATE: PHP code injection by malicious block or filename
    - debian/patches/CVE-2022-29221.patch: Prevents a PHP code injection by
      defining a new escaping function in
      libs/sysplugins/smarty_internal_templatecompilerbase.php and using it in
      multiple files: libs/sysplugins/smarty_internal_compile_block.php,
      libs/sysplugins/smarty_internal_compile_function.php,
      libs/sysplugins/smarty_internal_compile_include.php,
      libs/sysplugins/smarty_internal_config_file_compiler.php,
      libs/sysplugins/smarty_internal_runtime_codeframe.php, and
      libs/sysplugins/smarty_internal_templatecompilerbase.php.
    - CVE-2022-29221

 -- George-Andrei Iosif <email address hidden> Mon, 10 Apr 2023 17:18:37 +0300

CVE-2022-29221
Smarty is a template engine for PHP, facilitating the separation of presentation (HTML/CSS) from application logic. Prior to versions 3.1.45 and 4.1.