Your message dated Sat, 10 Feb 2018 21:09:38 +0000
with message-id <e1ekcow-000d5u...@fasolo.debian.org>
and subject line Bug#886460: fixed in smarty3 3.1.21-1+deb8u1
has caused the Debian Bug report #886460,
regarding smarty3: CVE-2017-1000480
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
886460: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=886460
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: smarty3
Version: 3.1.31+20161214.1.c7d42e4+selfpack1-2
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for smarty3.

CVE-2017-1000480[0]:
| Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when
| calling fetch() or display() functions on custom resources that does
| not sanitize template name.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000480
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000480

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: smarty3
Source-Version: 3.1.21-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
smarty3, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 886...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mike Gabriel <sunwea...@debian.org> (supplier of updated smarty3 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 15 Jan 2018 11:49:37 +0100
Source: smarty3
Binary: smarty3
Architecture: source all
Version: 3.1.21-1+deb8u1
Distribution: jessie-security
Urgency: medium
Maintainer: Mike Gabriel <sunwea...@debian.org>
Changed-By: Mike Gabriel <sunwea...@debian.org>
Description:
 smarty3    - Template engine for PHP
Closes: 886460
Changes:
 smarty3 (3.1.21-1+deb8u1) jessie-security; urgency=medium
 .
   * debian/patches:
     + Add 0001_CVE-2017-1000480.patch. Fixes CVE-2017-1000480. (Closes:
       #886460).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
