Fix at $URL, from a third-party advisory at http://secunia.com/advisories/44842/. DESCRIPTION: A vulnerability has been discovered in Smarty, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to the "{fetch}" tag not properly honoring the security policy, which can be exploited to e.g. bypass the "secure_dir" setting. The vulnerability is confirmed in version 3.0.8. Other versions may also be affected.
3.0.8 not in tree, 3.* branch has never been stabilized. Closing noglsa.