-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 06 Dec 2024 14:39:32 +0100 Source: smarty3 Binary: smarty3 Architecture: all Version: 3.1.47-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-conova-01) Changed-By: Tobias Frost Description: smarty3 - Closes: 1033964 1072530 Changes: smarty3 (3.1.47-2+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-28447 - JavaScript injection (Closes: #1033964) * CVE-2024-35226 - PHP Code injection by untrusted template authors (Closes: #1072530) * Add simple autopkgtests for the three CVEs. Checksums-Sha1: 717943fa600d1f451f1506dc86915bc61bf426fe 6393 smarty3_3.1.47-2+deb12u1_all-buildd.buildinfo d9873cee4bcf48f0128f82e7e4229fdc639d6413 208376 smarty3_3.1.47-2+deb12u1_all.deb Checksums-Sha256: 335c57582306e41dad3b0e5035356b7c5662048bc54cce31cbcb45b0645d994c 6393 smarty3_3.1.47-2+deb12u1_all-buildd.buildinfo 4ccd0645e39360760655a9352d3c67742fd39c08a22c8064039f02d84b2da2a3 208376 smarty3_3.1.47-2+deb12u1_all.deb Files: 9590f91fcdcdf4681b853902862eb2e6 6393 web optional smarty3_3.1.47-2+deb12u1_all-buildd.buildinfo 8ae94f60e299b093cec052eeda14ad10 208376 web optional smarty3_3.1.47-2+deb12u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEgdRoRGwEM09wlaMzOni7ZmUpKEcFAmdTBT8ACgkQOni7ZmUp KEdQCA//dXiuAkfXGLgt6oRuo6VrUHwuv4WcmlQFUy4DQgQiJglYOf9zbP1agJk5 ROSHXoMjP4Lss+qMHtS5g4HRsOLyzgNbRt/XCkXq1AgCBwZQ+75BAW1vnWDDIqbx vDiyxHtb6Ojl7GbCax6y09qpHLHuHDqXM0+2HF0RVGn/Qt2vTRJbEhLZ2rro3d5L yZ7iIYBCk6rjxLRQ8TM4NYm8oUmGcLNtQw9TX64ZmytFFJkyAlYHRVVSaHoVUIpq t6ClEBi7nL/jQQzwD8ztVnzXg0nIy1Yx8GALQfg8hXImL80wBuM63cCY4NuzPqcu yPz+W5Pe11uCSrI9f7fvyM45Tnk0z5UWw9U0VZrscMg3SWjCrLpRZXFP19Auj9a0 3Cud8v2UghFWCZvhfpjb2RdZiCuXalFhNTaxlvNHkXK6UhWyrkb5rH1dTUyXqzRd 4cK30JxMH60tWsckWiisgDvMjmxDqQ4zSRmoRedtB7veltl89lfXKC3j8JS94Z5r h6MCnmyOvLJAQ1igm1M9NllbnS4efMSOHa7Q5EbOY1SPAS7Kg5Zdutny1CNsRMlT ckiJIqssVpNalXYInryZCUpCZPZvOQ42QBufec7WEdgBF5e2JQqPHSviXxdaDsAq Nh/M9Ioeh719rHKKh9h0bqZQ1GlVdLyCggeec3u84gXF3ySJUIE= =zNlq -----END PGP SIGNATURE-----