Information on source package smarty3

Available versions

ReleaseVersion
jessie (security)3.1.21-1+deb8u2
stretch (security)3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1
buster3.1.32+20180424.1.ac9d4b58+selfpack1-1
sid3.1.33+20180830.1.3a78a21f+selfpack1-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-16831vulnerablevulnerablevulnerablefixedSmarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...
CVE-2018-13982vulnerablevulnerablevulnerablefixed

Resolved issues

BugDescription
TEMP-0000000-2C7EFDincorrect handling of {$smarty.template} and {$smarty.current_dir}
CVE-2017-1000480Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...
CVE-2014-8350Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...
CVE-2012-4437Cross-site scripting (XSS) vulnerability in the SmartyException class ...
CVE-2012-4277Cross-site scripting (XSS) vulnerability in the ...
CVE-2011-1028
CVE-2010-4727Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> ...
CVE-2010-4726Unspecified vulnerability in the math plugin in Smarty before 3.0.0 ...
CVE-2010-4725Smarty before 3.0.0 RC3 does not properly handle an on value of the ...
CVE-2010-4724Multiple unspecified vulnerabilities in the parser implementation in ...
CVE-2010-4723Smarty before 3.0.0, when security is enabled, does not prevent access ...
CVE-2010-4722Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 ...
CVE-2009-5054Smarty before 3.0.0 beta 4 does not consider the umask value when ...
CVE-2009-5053Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...
CVE-2009-5052Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 ...

Security announcements

DSA / DLADescription
DLA-1249-2smarty3 - regression update
DSA-4094-2smarty3 - regression update
DSA-4094-1smarty3 - security update
DSA-4094-1smarty3 - security update
DLA-1249-1smarty3 - security update
DLA-452-1smarty3 - security update

Search for package or bug name: Reporting problems