| Summary: | <dev-php/smarty-4.1.1: php injection via malicious block name or include file name | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | mjo, php-bugs |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://github.com/smarty-php/smarty/releases/tag/v4.1.1 | ||
| Whiteboard: | B2 [glsa+] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
John Helmert III
2022-05-17 14:26:32 UTC
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18834a17deb847788ac32a80f9ddaa2cff861560 commit 18834a17deb847788ac32a80f9ddaa2cff861560 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2022-05-17 23:28:04 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2022-05-17 23:28:04 +0000 dev-php/smarty: add upstream v4.1.1 with a fix for CVE-2022-29221. Bug: https://bugs.gentoo.org/845180 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-php/smarty/Manifest | 1 + dev-php/smarty/smarty-4.1.1.ebuild | 46 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+) Thanks! Please stabilize when ready. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b9e0097b154d630a2c16d3054640f77fec153d62 commit b9e0097b154d630a2c16d3054640f77fec153d62 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2022-05-27 12:41:02 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2022-05-27 12:41:02 +0000 dev-php/smarty: security cleanup of old v4.0.4. Bug: https://bugs.gentoo.org/845180 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-php/smarty/Manifest | 1 - dev-php/smarty/smarty-4.0.4.ebuild | 46 -------------------------------------- 2 files changed, 47 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c0bf4e1b1264344c1cfeb88707c229f7f3ae1a5a commit c0bf4e1b1264344c1cfeb88707c229f7f3ae1a5a Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2022-05-27 12:39:12 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2022-05-27 12:39:18 +0000 dev-php/smarty: maintainer stabilize (ALLARCHES) the latest v4.1.1. Bug: https://bugs.gentoo.org/845180 Package-Manager: Portage-3.0.30, Repoman-3.0.3 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-php/smarty/smarty-4.1.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Thanks! GLSA request filed GLSA released, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a88876e54c65e1f5a5171c7ff1dd318ddf93bedd commit a88876e54c65e1f5a5171c7ff1dd318ddf93bedd Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-25 13:34:41 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-25 13:42:21 +0000 [ GLSA 202209-09 ] Smarty: Multiple vulnerabilities Bug: https://bugs.gentoo.org/830980 Bug: https://bugs.gentoo.org/845180 Bug: https://bugs.gentoo.org/870100 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-09.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) |