Ubuntu has issued an advisory today (March 28): https://ubuntu.com/security/notices/USN-5348-1 The issues are fixed upstream in 3.1.43: https://github.com/smarty-php/smarty/releases/tag/v3.1.42 https://github.com/smarty-php/smarty/releases/tag/v3.1.43 Cauldron should be updated to 4.1.0 for PHP 8.1.x compatibility: https://github.com/smarty-php/smarty/releases/tag/v4.1.0 3.1.44 is the newest in that branch: https://github.com/smarty-php/smarty/releases/tag/v3.1.44 However, you need 4.0.x for PHP 8.0.x compatibility, so Mageia 8 should be updated to that: https://github.com/smarty-php/smarty/releases/tag/v4.0.0 https://github.com/smarty-php/smarty/releases/tag/v4.0.1 https://github.com/smarty-php/smarty/releases/tag/v4.0.2 https://github.com/smarty-php/smarty/releases/tag/v4.0.3 https://github.com/smarty-php/smarty/releases/tag/v4.0.4
Whiteboard: (none) => MGA8TOOStatus comment: (none) => Fixed upstream in 4.0.3
This is your baby, Marc, so assigning it thus.
Assignee: bugsquad => mageia
Updated php-smarty packages to version 4 for php 8 compatibility and to fix security vulnerabilities. References: https://ubuntu.com/security/notices/USN-5348-1 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13982 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16831 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26119 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26120 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29454 https://github.com/smarty-php/smarty/releases/tag/v4.0.4 ======================== Updated packages in core/updates_testing: ======================== php-smarty-4.0.4-1.mga8.noarch.rpm SRPM: php-smarty-4.0.4-1.mga8.src.rpm
Assignee: mageia => qa-bugs
Whiteboard: MGA8TOO => (none)Version: Cauldron => 8
MGA8-64 Plasma on Lenovo B50 in Dutch. No installation issues. no ill effect on my system i read from the description in MCC this is a developer's tool, so OK'ingon clean install.
CC: (none) => herman.viaene
Whiteboard: (none) => MGA8-64-OK
Validating. Advisory information in Comment 2.
Keywords: (none) => validated_updateCC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisoryCC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2022-0127.html
Status: NEW => RESOLVEDResolution: (none) => FIXED