| Summary: | <dev-php/smarty-3.1.39: multiple vulnerabilities (CVE-2021-{26119,26120}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | major | CC: | mjo, php-bugs |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://github.com/smarty-php/smarty/blob/master/CHANGELOG.md | | |
| Whiteboard: | B2 [glsa+ cve] | | |
| Package list: | | Runtime testing required: | --- |

Description
John Helmert III
2021-02-22 23:53:36 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e9bdc8cf072043af5e8a2b02cdd52c2a9fe476e2

commit e9bdc8cf072043af5e8a2b02cdd52c2a9fe476e2
Author:     Michael Orlitzky <mjo@gentoo.org>
AuthorDate: 2021-02-23 03:37:33 +0000
Commit:     Michael Orlitzky <mjo@gentoo.org>
CommitDate: 2021-02-23 03:37:33 +0000

    dev-php/smarty: new upstream version 3.1.39 with two security fixes.

    Bug: https://bugs.gentoo.org/772206
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Michael Orlitzky <mjo@gentoo.org>

 dev-php/smarty/Manifest | 2 +-
 dev-php/smarty/{smarty-3.1.36.ebuild => smarty-3.1.39.ebuild} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

We skipped v3.1.37, but the only changes there were for compatibility with various new/old versions of PHP. v3.1.38 was a no-op, and v3.1.39 is security fixes. So this should be safe to stabilize right away.

(In reply to Michael Orlitzky from comment #2)
> We skipped v3.1.37, but the only changes there were for compatibility with
> various new/old versions of PHP. v3.1.38 was a no-op, and v3.1.39 is
> security fixes. So this should be safe to stabilize right away.

Thanks!

amd64 ppc ppc64 sparc x86 (ALLARCHES) done

all arches done

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=496ec07666e299bee0b0717da214e03cce24c362

commit 496ec07666e299bee0b0717da214e03cce24c362
Author:     Brian Evans <grknight@gentoo.org>
AuthorDate: 2021-02-24 17:56:34 +0000
Commit:     Brian Evans <grknight@gentoo.org>
CommitDate: 2021-02-24 17:56:34 +0000

    dev-php/smarty: Cleanup vulnerable version

    Bug: https://bugs.gentoo.org/772206
    Signed-off-by: Brian Evans <grknight@gentoo.org>

 dev-php/smarty/Manifest | 1 -
 dev-php/smarty/smarty-3.1.33.ebuild | 46 -------------------------------------
 2 files changed, 47 deletions(-)

Thanks! New GLSA request filed.

This issue was resolved and addressed in GLSA 202105-06 at https://security.gentoo.org/glsa/202105-06 by GLSA coordinator Thomas Deutschmann (whissi).