stable

php-Smarty-3.1.47-1.fc36

FEDORA-2022-52154efd61 created by siwinski 2 years ago for Fedora 36

[3.1.47] - 2022-09-14

Security

  • Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454

Fixed

  • Fixed use of rand() without a parameter in math function #794
  • Fixed unselected year/month/day not working in html_select_date #395

[3.1.46] - 2022-08-01

Fixed

  • Fixed problems with smarty_mb_str_replace #549
  • Fixed second parameter of unescape modifier not working #777

[3.1.45] - 2022-05-17

Security

  • Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221

Fixed

  • Math equation max(x, y) didn't work anymore #721

[3.1.44] - 2022-01-18

Fixed

  • Fixed illegal characters bug in math function security check #702

[3.1.43] - 2022-01-10

Security

  • Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408

[3.1.42] - 2022-01-10

Security

  • Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454

[3.1.41] - 2022-01-09

Security

  • Rewrote the mailto function to not use eval when encoding with javascript

[3.1.40] - 2021-10-13

Changed

Security

[3.1.39] - 2021-02-17

Security

  • Prevent access to $smarty.template_object in sandbox mode. This addresses CVE-2021-26119.
  • Fixed code injection vulnerability by using illegal function names in {function name='blah'}{/function}. This addresses CVE-2021-26120.

[3.1.38] - 2021-01-08

Fixed

[3.1.37] - 2021-01-07

Changed

  • Changed error handlers and handling of undefined constants for php8-compatibility (set $errcontext argument optional) https://github.com/smarty-php/smarty/issues/605
  • Changed expected error levels in unit tests for php8-compatibility
  • Travis unit tests now run for all php versions >= 5.3, including php8
  • Travis runs on Xenial where possible

Fixed

  • PHP5.3 compatibility fixes
  • Brought lexer source functionally up-to-date with compiled version

[3.1.36] - 2020-04-14

Fixed

[3.1.35] - 2020-04-14

3.1.34 release - 05.11.2019

13.01.2020

  • fix typo in exception message (JercSi)
  • fix typehint warning with callable (bets4breakfast)
  • add travis badge and compatibility info to readme (matks)
  • fix stdClass cast when compiling foreach (carpii)
  • fix wrong set/get methods for memcached (IT-Experte)
  • fix problem assigning value to object variables in smarty_internal_compile_assign (Hunman)
  • exclude error_reporting.ini from git export (glensc)

3.1.34-dev-6 -

30.10.2018

  • bugfix a nested subblock in an inheritance child template was not replaced by outer level block with same name in same child template https://github.com/smarty-php/smarty/issues/500

29.10.2018

  • bugfix Smarty::$php_handling == PHP_PASSTHRU (default) did eat the "\n" (newline) character if it directly followed a PHP tag like "?>" or other https://github.com/smarty-php/smarty/issues/501

14.10.2018

  • bugfix autoloader exit shortcut https://github.com/smarty-php/smarty/issues/467

11.10.2018

  • bugfix {insert} does not work when caching is enabled and included template is present https://github.com/smarty-php/smarty/issues/496
  • bugfix in date-format modifier; NULL at date string or default_date did not produce correct output https://github.com/smarty-php/smarty/pull/458

09.10.2018

  • bugfix fix of 26.8.2017 https://github.com/smarty-php/smarty/issues/327 modifier is applied to sum expression https://github.com/smarty-php/smarty/issues/491
  • bugfix indexed arrays could not be defined "array(...)"

18.09.2018

  • bugfix large plain text template sections without a Smarty tag > 700kB could fail in version 3.1.32 and 3.1.33 because of PHP preg_match() restrictions https://github.com/smarty-php/smarty/issues/488

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-52154efd61

This update has been submitted for testing by siwinski.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

This update has been pushed to testing.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago


Metadata

  • Type: security
  • Severity: high
  • Karma: 0
  • Signed
  • Content Type: RPM
  • Test Gating

Settings

  • Unstable by Karma: -3
  • Stable by Karma: 3
  • Stable by Time: 7 days

Dates

  • submitted: 2 years ago
  • in testing: 2 years ago
  • in stable: 2 years ago

BZ#2043595 CVE-2021-21408 php-Smarty: template authors could run restricted static php methods [fedora-all]
BZ#2043596 CVE-2021-21408 php-Smarty: template authors could run restricted static php methods [epel-7]
BZ#2044970 CVE-2021-29454 php-Smarty: template authors could run arbitrary PHP code by crafting a malicious math string [fedora-all]
BZ#2044971 CVE-2021-29454 php-Smarty: template authors could run arbitrary PHP code by crafting a malicious math string [epel-7]
BZ#2088250 CVE-2022-29221 php-Smarty: php injection via malicious block name or include file name [fedora-all]
BZ#2088251 CVE-2022-29221 php-Smarty: php injection via malicious block name or include file name [epel-7]
BZ#2126855 php-Smarty: javascript injection in mailto function [epel-7]
BZ#2126856 php-Smarty: javascript injection in mailto function [fedora-all]
