Fedora has issued an advisory on April 12:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/

The issue is fixed upstream in 4.3.1:
https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj

Mageia 8 is also affected.
Whiteboard: (none) => MGA8TOO
Status comment: (none) => Fixed upstream in 4.3.1
This is looked after by MarK, so assigning to you.
Assignee: bugsquad => mageia
Updated php-smarty packages fix security vulnerabilities:

Update fixes a js cross-site-scripting vulnerability [1,2,3]. Some more errors have been fixed [4,5]

References:
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28447
[2] https://github.com/smarty-php/smarty/security/advisories/GHSA-7j98-h7fp-4vwj
[3] https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/HSAUM3YHWHO4UCJXRGRLQGPJAO3MFOZZ/
[4] https://github.com/smarty-php/smarty/releases/tag/v4.3.0
[5] https://github.com/smarty-php/smarty/releases/tag/v4.3.1

========================
Updated packages in core/updates_testing:
========================
php-smarty-4.3.1-1.mga8.noarch.rpm

SRPM:
php-smarty-4.3.1-1.mga8.src.rpm
Assignee: mageia => qa-bugs
Note that this is pending a freeze move request for Cauldron.
Status comment: Fixed upstream in 4.3.1 => (none)
Whiteboard: MGA8TOO => (none)
Version: Cauldron => 8
CC: (none) => mageia
Tested in a VirtualBox mga8-64 Plasma guest. Installed php-smarty, then used qarepo to update it, with no installation issues. Previous updates have identified this as a developer's tool, and have approved it on a clean update. Since this updated OK, and shows no ill effects on the system, I'm giving it an OK, and validating. Advisory in comment 2.
CC: (none) => andrewsfarm, sysadmin-bugs
Whiteboard: (none) => MGA8-64-OK
Keywords: (none) => validated_update
CC: (none) => davidwhodgins
Keywords: (none) => advisory
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0155.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED