Summary: | <dev-php/smarty-4.2.1: javascript injection in mailto function | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mjo, php-bugs |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/smarty-php/smarty/releases/tag/v4.2.1 | ||
Whiteboard: | B3 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
John Helmert III
![]() ![]() ![]() ![]() The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=898b60b9cf30aa263de97a7c31ff2b548dfa790c commit 898b60b9cf30aa263de97a7c31ff2b548dfa790c Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2022-09-14 13:13:41 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2022-09-14 13:17:04 +0000 dev-php/smarty: add 4.2.1 to fix a javascript injection. This new version also drops the old HTML manual that was downloaded with USE=doc. The modern smarty docs are included in the git repo, but not presently in the release tarballs... Bug: https://bugs.gentoo.org/870100 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-php/smarty/Manifest | 1 + dev-php/smarty/smarty-4.2.1.ebuild | 40 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 41 insertions(+) I'll stabilize it myself (ALLARCHES) in a few days if nobody complains that their website is broken. Thanks! I'll request a CVE. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1b21bff346e9359b7a598d89dc5a9e31fd0eef57 commit 1b21bff346e9359b7a598d89dc5a9e31fd0eef57 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2022-09-16 12:33:36 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2022-09-16 12:37:01 +0000 dev-php/smarty: drop 4.1.1 Bug: https://bugs.gentoo.org/870100 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-php/smarty/Manifest | 2 -- dev-php/smarty/smarty-4.1.1.ebuild | 46 -------------------------------------- 2 files changed, 48 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb069d4823d9c1cbc10d8e2a7e83159784960601 commit eb069d4823d9c1cbc10d8e2a7e83159784960601 Author: Michael Orlitzky <mjo@gentoo.org> AuthorDate: 2022-09-16 12:33:04 +0000 Commit: Michael Orlitzky <mjo@gentoo.org> CommitDate: 2022-09-16 12:37:01 +0000 dev-php/smarty: stabilize 4.2.1 (ALLARCHES). Bug: https://bugs.gentoo.org/870100 Signed-off-by: Michael Orlitzky <mjo@gentoo.org> dev-php/smarty/smarty-4.2.1.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Thanks! GLSA request filed GLSA released, all done! The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=a88876e54c65e1f5a5171c7ff1dd318ddf93bedd commit a88876e54c65e1f5a5171c7ff1dd318ddf93bedd Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-09-25 13:34:41 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-09-25 13:42:21 +0000 [ GLSA 202209-09 ] Smarty: Multiple vulnerabilities Bug: https://bugs.gentoo.org/830980 Bug: https://bugs.gentoo.org/845180 Bug: https://bugs.gentoo.org/870100 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202209-09.xml | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) |