FEDORA-EPEL-2022-576e858e93
Packages in this update:
php-Smarty-3.1.47-1.el7
Update description:
[3.1.47] – 2022-09-14
Security
Applied appropriate javascript and html escaping in mailto plugin to counter injection attacks #454
Fixed
Fixed use of rand() without a parameter in math function #794
Fixed unselected year/month/day not working in html_select_date #395
[3.1.46] – 2022-08-01
Fixed
Fixed problems with smarty_mb_str_replace #549
Fixed second parameter of unescape modifier not working #777
[3.1.45] – 2022-05-17
Security
Prevent PHP injection through malicious block name or include file name. This addresses CVE-2022-29221
Fixed
Math equation max(x, y) didn’t work anymore #721
[3.1.44] – 2022-01-18
Fixed
Fixed illegal characters bug in math function security check #702
[3.1.43] – 2022-01-10
Security
Prevent evasion of the static_classes security policy. This addresses CVE-2021-21408
[3.1.42] – 2022-01-10
Security
Prevent arbitrary PHP code execution through maliciously crafted expression for the math function. This addresses CVE-2021-29454
[3.1.41] – 2022-01-09
Security
Rewrote the mailto function to not use eval when encoding with javascript
[3.1.40] – 2021-10-13
Changed
modifier escape now triggers an E_USER_NOTICE when an unsupported escape type is used https://github.com/smarty-php/smarty/pull/649
Security
More advanced javascript escaping to handle https://html.spec.whatwg.org/multipage/scripting.html#restrictions-for-contents-of-script-elements thanks to m-haritonov
[3.1.39] – 2021-02-17
Security
Prevent access to $smarty.template_object in sandbox mode. This addresses CVE-2021-26119.
Fixed code injection vulnerability by using illegal function names in {function name='blah'}{/function}. This addresses CVE-2021-26120.
[3.1.38] – 2021-01-08
Fixed
Smarty::SMARTY_VERSION wasn’t updated https://github.com/smarty-php/smarty/issues/628
[3.1.37] – 2021-01-07
Changed
Changed error handlers and handling of undefined constants for php8-compatibility (set $errcontext argument optional) https://github.com/smarty-php/smarty/issues/605
Changed expected error levels in unit tests for php8-compatibility
Travis unit tests now run for all php versions >= 5.3, including php8
Travis runs on Xenial where possible
Fixed
PHP5.3 compatibility fixes
Brought lexer source functionally up-to-date with compiled version
[3.1.36] – 2020-04-14
Fixed
Smarty::SMARTY_VERSION wasn’t updated in v3.1.35 https://github.com/smarty-php/smarty/issues/584
[3.1.35] – 2020-04-14
remove whitespaces after comments https://github.com/smarty-php/smarty/issues/447
fix foreachelse on arrayiterators https://github.com/smarty-php/smarty/issues/506
fix files contained in git export archive for package maintainers https://github.com/smarty-php/smarty/issues/325
throw SmartyException when setting caching attributes for cacheable plugin https://github.com/smarty-php/smarty/issues/457
fix errors that occurred where isset was replaced with null check such as https://github.com/smarty-php/smarty/issues/453
unit tests are now in the repository
3.1.34 release – 05.11.2019
13.01.2020
– fix typo in exception message (JercSi)
– fix typehint warning with callable (bets4breakfast)
– add travis badge and compatibility info to readme (matks)
– fix stdClass cast when compiling foreach (carpii)
– fix wrong set/get methods for memcached (IT-Experte)
– fix problem assigning value to object variables in smarty_internal_compile_assign (Hunman)
– exclude error_reporting.ini from git export (glensc)
3.1.34-dev-6 –
30.10.2018
– bugfix a nested subblock in an inheritance child template was not replaced by
outer level block with same name in same child template https://github.com/smarty-php/smarty/issues/500
29.10.2018
– bugfix Smarty::$php_handling == PHP_PASSTHRU (default) did eat the “\n” (newline) character if it directly followed
a PHP tag like “?>” or other https://github.com/smarty-php/smarty/issues/501
14.10.2018
– bugfix autoloader exit shortcut https://github.com/smarty-php/smarty/issues/467
11.10.2018
– bugfix {insert} does not work when caching is enabled and included template is present
https://github.com/smarty-php/smarty/issues/496
– bugfix in date-format modifier; NULL at date string or default_date did not produce correct output
https://github.com/smarty-php/smarty/pull/458
09.10.2018
– bugfix fix of 26.8.2017 https://github.com/smarty-php/smarty/issues/327
modifier is applied to sum expression https://github.com/smarty-php/smarty/issues/491
– bugfix indexed arrays could not be defined “array(…)”
18.09.2018
– bugfix large plain text template sections without a Smarty tag > 700kB
could fail in version 3.1.32 and 3.1.33 because of PHP preg_match() restrictions
https://github.com/smarty-php/smarty/issues/488