| Summary: | php-smarty new security issue CVE-2022-29221 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | critical | ||
| Priority: | Normal | CC: | andrewsfarm, davidwhodgins, herman.viaene, mageia, sysadmin-bugs |
| Version: | 8 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA8-64-OK | ||
| Source RPM: | php-smarty-4.0.4-1.mga8.src.rpm | CVE: | CVE-2022-29221 |
| Status comment: | |||
|
Description
David Walser
2022-05-31 22:33:49 CEST
David Walser
2022-05-31 22:34:05 CEST
Status comment:
(none) =>
Fixed upstream in 4.1.1 Updated php-smarty package to fix security vulnerability:
Template authors could inject php code by choosing a malicious {block} name or {include} file name.
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29221
https://www.debian.org/security/2022/dsa-5151
https://github.com/smarty-php/smarty/security/advisories/GHSA-634x-pc3q-cf4c
https://github.com/smarty-php/smarty/releases/tag/v4.1.1
========================
Updated packages in core/updates_testing:
========================
php-smarty-4.1.1-1.mga8.noarch.rpm
SRPM:
php-smarty-4.1.1-1.mga8.src.rpmAssignee:
mageia =>
qa-bugs
Marc Krämer
2022-06-01 14:50:42 CEST
CVE:
(none) =>
CVE-2022-29221 MGA8-64 Plasma on Lenovo B50 in Dutch. No installation issues. No ill effect on my system Ref bug 30214, OK on clean install. Whiteboard:
(none) =>
MGA8-64-OK Validating. Advisory in Comment 1. Keywords:
(none) =>
validated_update
Dave Hodgins
2022-06-13 20:25:35 CEST
Keywords:
(none) =>
advisory An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0226.html Status:
NEW =>
RESOLVED
David Walser
2023-01-10 14:34:38 CET
Status comment:
Fixed upstream in 4.1.1 =>
(none) |