Your message dated Fri, 09 Feb 2018 23:49:07 +0000
with message-id <e1ekipj-0005et...@fasolo.debian.org>
and subject line Bug#886460: fixed in smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1
has caused the Debian Bug report #886460,
regarding smarty3: CVE-2017-1000480
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886460: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886460
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: smarty3
Version: 3.1.31+20161214.1.c7d42e4+selfpack1-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for smarty3.

CVE-2017-1000480[0]:
| Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when
| calling fetch() or display() functions on custom resources that do
| not sanitize template name.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000480
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000480

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: smarty3
Source-Version: 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1

We believe that the bug you reported is fixed in the latest version of
smarty3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated smarty3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sun, 14 Jan 2018 13:16:25 +0100
Source: smarty3
Binary: smarty3
Architecture: source all
Version: 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Mike Gabriel <sunwea...@debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Description:
 smarty3    - ${phpcomposer:description}
Closes: 886460
Changes:
 smarty3 (3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u1) stretch-security; urgency=medium
 .
   * debian/patches:
     + Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
       #886460).


--- End Message ---
