-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Fri, 06 Dec 2024 14:39:32 +0100 Source: smarty3 Architecture: source Version: 3.1.47-2+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: Mike Gabriel Changed-By: Tobias Frost Closes: 1033964 1072530 Changes: smarty3 (3.1.47-2+deb12u1) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * CVE-2023-28447 - JavaScript injection (Closes: #1033964) * CVE-2024-35226 - PHP Code injection by untrusted template authors (Closes: #1072530) * Add simple autopkgtests for the three CVEs. Checksums-Sha1: 2cafd5b943cc99d10cbf684eba1e0b673840a8ef 2009 smarty3_3.1.47-2+deb12u1.dsc 70ca3a4b318f0766e73cd7cdd1d8078f1b0cd5c8 266736 smarty3_3.1.47.orig.tar.gz 7fab9b782643ac81770db40ebb06ae4f7166eab9 10220 smarty3_3.1.47-2+deb12u1.debian.tar.xz 6821a8e5638834c8bf1af3ec28abb858dd6a17d8 6609 smarty3_3.1.47-2+deb12u1_amd64.buildinfo Checksums-Sha256: 7880dd1f3e805f494cfd5fc05c474276a28020d6aec4da6da910a6d20a3e06ff 2009 smarty3_3.1.47-2+deb12u1.dsc c38db4b6be9891dd6f20c5d96f475c4539e310bb67a0e2aad7d6d585f14c8be0 266736 smarty3_3.1.47.orig.tar.gz ab94b09b710f274ef5539faef71548d406da1d6baaa58bb3cf5885b38cd6a73f 10220 smarty3_3.1.47-2+deb12u1.debian.tar.xz 478460db50985978de4dbbab516092bf074ea05b3098711c3e2c5e72509f731c 6609 smarty3_3.1.47-2+deb12u1_amd64.buildinfo Files: 2b34e477be3f9f246a329a7bb4e64b67 2009 web optional smarty3_3.1.47-2+deb12u1.dsc d1a27eb9553a61758d76edc589dc4a8c 266736 web optional smarty3_3.1.47.orig.tar.gz 0914596d0448be3b7162f6653c26781a 10220 web optional smarty3_3.1.47-2+deb12u1.debian.tar.xz 0be6a952719dc3de1f9d70aa85209dfb 6609 web optional smarty3_3.1.47-2+deb12u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE/d0M/zhkJ3YwohhskWT6HRe9XTYFAmdS//AACgkQkWT6HRe9 XTZC+w//S2evUu//eoVFNQXA8AL9OLLbbfU4pwyiroJqpJ9VcCEUS/JbIhwaPMxd uR9Mk7q2Aaxk8urHTS+21fH/W69crl/qQZs8QvP1BiiiHU/bNv7Vt1N68SiHMa1E py+9PwLiWobYE59gJ5K36a+xZ4GkOYhtBKD02sUe4lg9MvMgbqQSN7iosLcvArvY 0roH0htFp4/Hzgh7Vpj1cPtyIMEB9C6GSkyWWbfPANNK6ubtoQA3O+xIpNthMdvF 9O8oStGUA8GxUR/u4fJDaUKMolhnUKll5+C8x6dG4x2zXJJRCTTTYrQjDauV+8oT haPA6eXyi5vZh658VpVqJMGzCsRxuiiUImuhdu/f+JcyVsh38QyebrBsw1TllRTK BtFw7fzCxoi605Gu1d7q9FnslBWewhNKDDlFgozDAv3k0wZeZ2MJvFL0tyDTC0P5 sRcC8y32ixduoGjOvU+GKzTGFld22zE77vVhodcQjodInEdKg79dEOnFsLlBGcRP qKxK29X3zBKzD2rUXO1WSxFsFNj7EowQ5HWwUincXbEl8fcS9xQwBNNwiWVwumvz s6P+bpTQ+MGP1RlYr22F6M4hUbX9sX3GOaoCJTupOVoTR2an2dqe7IpWEzAQXC6/ 0Z4FYufK3cW0k5ZBVIXl7uMar97poALm3gTM6Jf2UajJa4SRGGY= =jhgf -----END PGP SIGNATURE-----