dev-php/smarty-3.1.30 fixes a shell injection vulnerability with templates that use the math function in a template. The template must contain backticks or dollar signs as part of the {math} call on disk AND not have the math function disabled by security features in the running script. Ebuild has been added to the tree. It is ready to go stable with ALLARCHES.
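As an added illustration of the on-disk precondition described above (example code, not from the bug, Gentoo or Smarty), a small scanner that flags {math} calls whose attributes contain a backtick or a dollar sign. It assumes Smarty's default `{` `}` delimiters and that a call does not contain a literal `}`; the template text below is constructed.

```python
import re
from typing import List, Tuple

# A Smarty {math ...} call with the default "{" / "}" delimiters
# (assumption: custom delimiters and {literal} blocks are not handled).
MATH_CALL = re.compile(r"\{math\b(?P<attrs>[^}]*)\}", re.IGNORECASE)

# The characters named in the bug report as the precondition for the
# shell injection: backticks or dollar signs inside the {math} call.
SUSPECT = re.compile(r"[`$]")


def scan_smarty_template(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, offending_chars, call_text) for every {math}
    call whose attributes contain a backtick or a dollar sign.

    Dollar signs also appear in ordinary Smarty variable references such as
    x=$a, so each finding is a triage hint for a template reviewer, not a
    confirmed injection.
    """
    findings = []
    for m in MATH_CALL.finditer(text):
        hits = sorted(set(SUSPECT.findall(m.group("attrs"))))
        if hits:
            line_no = text.count("\n", 0, m.start()) + 1
            findings.append((line_no, "".join(hits), m.group(0)))
    return findings


# Constructed sample templates: one clean, one with the suspect characters.
CLEAN_TEMPLATE = '{math equation="x + y" x=2 y=3}\n'
SUSPECT_TEMPLATE = (
    "{assign var=total value=0}\n"
    '{math equation="`id`"}\n'
    '{math equation="x * y" x=$a y=$b}\n'
)

if __name__ == "__main__":
    for name, tpl in (("clean", CLEAN_TEMPLATE), ("suspect", SUSPECT_TEMPLATE)):
        for line_no, chars, call in scan_smarty_template(tpl):
            print(f"{name}:{line_no}: {chars!r} in {call}")
```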
Marking this as a B4 as it would be considered more of a flaw vice a vulnerability. Per the upstream comments: "Many minor bug fixes and enhancements. One {math} shell injection vulnerability patch provided by Tim Weber. Note this is only vulnerable to those with template write access using security features." @PHP, can we please mark this stable per the ALLARCHES policy?
(In reply to Aaron Bauman from comment #1)
> @PHP, can we please mark this stable per the ALLARCHES policy?

Yes please.
@PHP, package marked stable per ALLARCH policy. Please let us know when you are ready to clean the vulnerable ebuilds. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=483491fd82409bfd0ec032db979e759fff7881a3
(In reply to Aaron Bauman from comment #3)
> Please let us know when you are ready to clean the vulnerable ebuilds.

I just removed them.
GLSA Vote: No