Bug 666440 (CVE-2018-13982) - <dev-php/smarty-3.1.33: path traversal vulnerability (CVE-2018-13982 and CVE-2018-16831)
Summary: <dev-php/smarty-3.1.33: path traversal vulnerability (CVE-2018-13982 and CVE-...
Status: RESOLVED FIXED
Alias: CVE-2018-13982
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://seclists.org/oss-sec/2018/q3/246
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-09-17 21:16 UTC by Michael Orlitzky
Modified: 2019-05-02 22:40 UTC

See Also:
Package list:
=dev-php/smarty-3.1.33
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Description Michael Orlitzky gentoo-dev 2018-09-17 21:16:55 UTC
Versions of smarty before 3.1.33 are vulnerable to a path traversal vulnerability (see $url). I believe the original CVE for this issue was CVE-2018-13982 and that CVE-2018-16831 was issued for an incomplete fix that didn't work on Linux.
Comment 1 Larry the Git Cow gentoo-dev 2018-09-17 21:21:56 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb4e94e6fbc8e0781b621ee61c52b192529e7714

commit cb4e94e6fbc8e0781b621ee61c52b192529e7714
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2018-09-17 21:17:48 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2018-09-17 21:21:10 +0000

    dev-php/smarty: new version 3.1.33 to fix CVE-2018-13982.
    
    Bug: https://bugs.gentoo.org/666440
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-php/smarty/Manifest             |  1 +
 dev-php/smarty/smarty-3.1.33.ebuild | 46 +++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2019-03-10 04:20:58 UTC
@arches, please stabilize.
Comment 3 Sergei Trofimovich (RETIRED) gentoo-dev 2019-03-10 22:31:28 UTC
ia64 stable
Comment 4 Rolf Eike Beer archtester 2019-03-11 22:02:18 UTC
sparc stable
Comment 5 Sergei Trofimovich (RETIRED) gentoo-dev 2019-03-11 22:46:53 UTC
hppa stable
Comment 6 Agostino Sarubbo gentoo-dev 2019-03-14 21:14:46 UTC
amd64 stable
Comment 7 Sergei Trofimovich (RETIRED) gentoo-dev 2019-03-17 09:47:27 UTC
ppc stable
Comment 8 Sergei Trofimovich (RETIRED) gentoo-dev 2019-03-17 09:52:42 UTC
ppc64 stable
Comment 9 Thomas Deutschmann (RETIRED) gentoo-dev 2019-03-27 23:46:42 UTC
x86 stable
Comment 10 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2019-05-02 21:09:08 UTC
alpha stable
Comment 11 Larry the Git Cow gentoo-dev 2019-05-02 22:40:11 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d38cf949be695e971aa9d35dcdeb806eb509469b

commit d38cf949be695e971aa9d35dcdeb806eb509469b
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2019-05-02 22:39:40 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2019-05-02 22:39:40 +0000

    dev-php/smarty: remove old vulnerable versions.
    
    Bug: https://bugs.gentoo.org/666440
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
    Package-Manager: Portage-2.3.62, Repoman-2.3.11

 dev-php/smarty/Manifest             |  3 ---
 dev-php/smarty/smarty-3.1.30.ebuild | 46 -------------------------------------
 dev-php/smarty/smarty-3.1.31.ebuild | 46 -------------------------------------
 dev-php/smarty/smarty-3.1.32.ebuild | 46 -------------------------------------
 4 files changed, 141 deletions(-)