Fedora has issued an advisory on April 12:
The issue is fixed upstream in 4.3.1:
Mageia 8 is also affected.
Fixed upstream in 4.3.1
This is looked after by MarK, so assigning to you.
Updated php-smarty packages fix security vulnerabilities:
Update fixes a js cross-site-scripting vulnerability [1,2,3].
Some more errors have been fixed [4,5]
Updated packages in core/updates_testing:
Note that this is pending a freeze move request for Cauldron.
Fixed upstream in 4.3.1 =>
Tested in a VirtualBox mga8-64 Plasma guest. Installed php-smarty, then used qarepo to update it, with no installation issues.
Previous updates have identified this as a developer's tool, and have approved it on a clean update. Since this updated OK, and shows no ill effects on the system, I'm giving it an OK, and validating. Advisory in comment 2.
An update for this issue has been pushed to the Mageia Updates repository.