Versions of smarty before 3.1.33 are vulnerable to a path traversal vulnerability (see $url). I believe the original CVE for this issue was CVE-2018-13982 and that CVE-2018-16831 was issued for an incomplete fix that didn't work on Linux.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb4e94e6fbc8e0781b621ee61c52b192529e7714

commit cb4e94e6fbc8e0781b621ee61c52b192529e7714
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2018-09-17 21:17:48 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2018-09-17 21:21:10 +0000

    dev-php/smarty: new version 3.1.33 to fix CVE-2018-13982.

    Bug: https://bugs.gentoo.org/666440
    Package-Manager: Portage-2.3.40, Repoman-2.3.9

 dev-php/smarty/Manifest             |  1 +
 dev-php/smarty/smarty-3.1.33.ebuild | 46 +++++++++++++++++++++++++++++++++++++
 2 files changed, 47 insertions(+)
@arches, please stabilize.
ia64 stable
sparc stable
hppa stable
amd64 stable
ppc stable
ppc64 stable
x86 stable
alpha stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d38cf949be695e971aa9d35dcdeb806eb509469b

commit d38cf949be695e971aa9d35dcdeb806eb509469b
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2019-05-02 22:39:40 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2019-05-02 22:39:40 +0000

    dev-php/smarty: remove old vulnerable versions.

    Bug: https://bugs.gentoo.org/666440
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>
    Package-Manager: Portage-2.3.62, Repoman-2.3.11

 dev-php/smarty/Manifest             |  3 ---
 dev-php/smarty/smarty-3.1.30.ebuild | 46 -------------------------------------
 dev-php/smarty/smarty-3.1.31.ebuild | 46 -------------------------------------
 dev-php/smarty/smarty-3.1.32.ebuild | 46 -------------------------------------
 4 files changed, 141 deletions(-)