Information on source package smarty3

Available versions

ReleaseVersion
jessie3.1.21-1+deb8u2
stretch3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u6
buster3.1.33+20180830.1.3a78a21f+selfpack1-1+deb10u2
bullseye3.1.39-2+deb11u1
bookworm3.1.47-2
sid3.1.48-1

Open issues

BugjessiestretchbusterbullseyebookwormsidDescription
CVE-2024-35226vulnerablevulnerablevulnerablevulnerablevulnerablevulnerableSmarty is a template engine for PHP, facilitating the separation of pr ...
CVE-2023-28447vulnerablevulnerablevulnerable (no DSA)vulnerable (no DSA)vulnerable (no DSA)fixedSmarty is a template engine for PHP. In affected versions smarty did n ...
CVE-2022-29221vulnerablefixedfixedfixedfixedfixedSmarty is a template engine for PHP, facilitating the separation of pr ...
CVE-2021-29454vulnerablefixedfixedfixedfixedfixedSmarty is a template engine for PHP, facilitating the separation of pr ...
CVE-2021-26120vulnerablefixedfixedfixedfixedfixedSmarty before 3.1.39 allows code injection via an unexpected function ...
CVE-2021-26119vulnerablefixedfixedfixedfixedfixedSmarty before 3.1.39 allows a Sandbox Escape because $smarty.template_ ...
CVE-2021-21408vulnerablefixedfixedfixedfixedfixedSmarty is a template engine for PHP, facilitating the separation of pr ...
CVE-2018-25047vulnerablevulnerablefixedvulnerable (no DSA)fixedfixedIn Smarty before 3.1.47 and 4.x before 4.2.1, libs/plugins/function.ma ...

Resolved issues

BugDescription
TEMP-0000000-2C7EFDincorrect handling of {$smarty.template} and {$smarty.current_dir}
CVE-2018-16831Smarty before 3.1.33-dev-4 allows attackers to bypass the trusted_dir ...
CVE-2018-13982Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is pro ...
CVE-2017-1000480Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when call ...
CVE-2014-8350Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...
CVE-2012-4437Cross-site scripting (XSS) vulnerability in the SmartyException class ...
CVE-2012-4277Cross-site scripting (XSS) vulnerability in the smarty_function_html_o ...
CVE-2011-1028The $smarty.template variable in Smarty3 allows attackers to possibly ...
CVE-2010-4727Smarty before 3.0.0 beta 7 does not properly handle the <?php and ?> t ...
CVE-2010-4726Unspecified vulnerability in the math plugin in Smarty before 3.0.0 RC ...
CVE-2010-4725Smarty before 3.0.0 RC3 does not properly handle an on value of the as ...
CVE-2010-4724Multiple unspecified vulnerabilities in the parser implementation in S ...
CVE-2010-4723Smarty before 3.0.0, when security is enabled, does not prevent access ...
CVE-2010-4722Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 h ...
CVE-2009-5054Smarty before 3.0.0 beta 4 does not consider the umask value when sett ...
CVE-2009-5053Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...
CVE-2009-5052Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 hav ...

Security announcements

DSA / DLADescription
DLA-3262-1smarty3 - security update
DSA-5151-1smarty3 - security update
DLA-3033-1smarty3 - security update
DLA-2995-1smarty3 - security update
DLA-2618-3smarty3 - regression update
DLA-2618-2smarty3 - regression update
DLA-2618-1smarty3 - security update
DLA-1249-2smarty3 - regression update
DSA-4094-2smarty3 - regression update
DSA-4094-1smarty3 - security update
DLA-1249-1smarty3 - security update
DLA-452-1smarty3 - security update

Search for package or bug name: Reporting problems