-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 06 Dec 2024 14:39:32 +0100
Source: smarty3
Architecture: source
Version: 3.1.47-2+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Mike Gabriel <sunweaver@debian.org>
Changed-By: Tobias Frost <tobi@debian.org>
Closes: 1033964 1072530
Changes:
 smarty3 (3.1.47-2+deb12u1) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * CVE-2023-28447 - JavaScript injection (Closes: #1033964)
   * CVE-2024-35226 - PHP Code injection by untrusted template authors
     (Closes: #1072530)
   * Add simple autopkgtests for the three CVEs.
Checksums-Sha1:
 2cafd5b943cc99d10cbf684eba1e0b673840a8ef 2009 smarty3_3.1.47-2+deb12u1.dsc
 70ca3a4b318f0766e73cd7cdd1d8078f1b0cd5c8 266736 smarty3_3.1.47.orig.tar.gz
 7fab9b782643ac81770db40ebb06ae4f7166eab9 10220 smarty3_3.1.47-2+deb12u1.debian.tar.xz
 6821a8e5638834c8bf1af3ec28abb858dd6a17d8 6609 smarty3_3.1.47-2+deb12u1_amd64.buildinfo
Checksums-Sha256:
 7880dd1f3e805f494cfd5fc05c474276a28020d6aec4da6da910a6d20a3e06ff 2009 smarty3_3.1.47-2+deb12u1.dsc
 c38db4b6be9891dd6f20c5d96f475c4539e310bb67a0e2aad7d6d585f14c8be0 266736 smarty3_3.1.47.orig.tar.gz
 ab94b09b710f274ef5539faef71548d406da1d6baaa58bb3cf5885b38cd6a73f 10220 smarty3_3.1.47-2+deb12u1.debian.tar.xz
 478460db50985978de4dbbab516092bf074ea05b3098711c3e2c5e72509f731c 6609 smarty3_3.1.47-2+deb12u1_amd64.buildinfo
Files:
 2b34e477be3f9f246a329a7bb4e64b67 2009 web optional smarty3_3.1.47-2+deb12u1.dsc
 d1a27eb9553a61758d76edc589dc4a8c 266736 web optional smarty3_3.1.47.orig.tar.gz
 0914596d0448be3b7162f6653c26781a 10220 web optional smarty3_3.1.47-2+deb12u1.debian.tar.xz
 0be6a952719dc3de1f9d70aa85209dfb 6609 web optional smarty3_3.1.47-2+deb12u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmdS//AACgkQkWT6HRe9
XTZC+w//S2evUu//eoVFNQXA8AL9OLLbbfU4pwyiroJqpJ9VcCEUS/JbIhwaPMxd
uR9Mk7q2Aaxk8urHTS+21fH/W69crl/qQZs8QvP1BiiiHU/bNv7Vt1N68SiHMa1E
py+9PwLiWobYE59gJ5K36a+xZ4GkOYhtBKD02sUe4lg9MvMgbqQSN7iosLcvArvY
0roH0htFp4/Hzgh7Vpj1cPtyIMEB9C6GSkyWWbfPANNK6ubtoQA3O+xIpNthMdvF
9O8oStGUA8GxUR/u4fJDaUKMolhnUKll5+C8x6dG4x2zXJJRCTTTYrQjDauV+8oT
haPA6eXyi5vZh658VpVqJMGzCsRxuiiUImuhdu/f+JcyVsh38QyebrBsw1TllRTK
BtFw7fzCxoi605Gu1d7q9FnslBWewhNKDDlFgozDAv3k0wZeZ2MJvFL0tyDTC0P5
sRcC8y32ixduoGjOvU+GKzTGFld22zE77vVhodcQjodInEdKg79dEOnFsLlBGcRP
qKxK29X3zBKzD2rUXO1WSxFsFNj7EowQ5HWwUincXbEl8fcS9xQwBNNwiWVwumvz
s6P+bpTQ+MGP1RlYr22F6M4hUbX9sX3GOaoCJTupOVoTR2an2dqe7IpWEzAQXC6/
0Z4FYufK3cW0k5ZBVIXl7uMar97poALm3gTM6Jf2UajJa4SRGGY=
=jhgf
-----END PGP SIGNATURE-----