Name | TEMP-0000000-2C7EFD |
Description | incorrect handling of {$smarty.template} and {$smarty.current_dir} |
Source | Automatically generated temporary name. Not for external reference. |
Vulnerable and fixed packages
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
smarty3 (PTS) | jessie, jessie (lts) | 3.1.21-1+deb8u2 | fixed |
| stretch (security), stretch (lts), stretch | 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6 | fixed |
| buster, buster (lts) | 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u3 | fixed |
| buster (security) | 3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u2 | fixed |
| bullseye | 3.1.39-2+deb11u1 | fixed |
| bullseye (security) | 3.1.39-2+deb11u2 | fixed |
| bookworm | 3.1.47-2 | fixed |
| bookworm (security) | 3.1.47-2+deb12u1 | fixed |
| sid, trixie | 3.1.48-2 | fixed |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|
smarty | source | (unstable) | (unfixed) | unimportant | | |
smarty3 | source | (unstable) | 3.0.8-1 | unimportant | | |
Notes
http://www.smarty.net/forums/viewtopic.php?t=18815
http://code.google.com/p/smarty-php/source/detail?r=3989
https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7)
non-issue in practice, if you can place arbitrary template files you have worse problems