Commit 9af7aba8 authored by Chris Lamb's avatar Chris Lamb 💬 Committed by Mike Gabriel

upload to wheezy-security (debian/3.1.10-2+deb7u2)

parent 0bf320c6
smarty3 (3.1.10-2+deb7u2) wheezy-security; urgency=high
* CVE-2017-1000480: Fix a code-injection vulnerability via specially-crafted
filenames in comments. Thanks to Mike Gabriel for backporting the patch.
(Closes: #886460)
-- Chris Lamb <lamby@debian.org> Fri, 19 Jan 2018 21:06:25 +1100
smarty3 (3.1.10-2+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the LTS team.
......
--- a/distribution/libs/sysplugins/smarty_internal_templatecompilerbase.php
+++ b/distribution/libs/sysplugins/smarty_internal_templatecompilerbase.php
@@ -166,8 +166,8 @@
// template header code
$template_header = '';
if (!$this->suppressHeader) {
- $template_header .= "<?php /* Smarty version " . Smarty::SMARTY_VERSION . ", created on " . strftime("%Y-%m-%d %H:%M:%S") . "\n";
- $template_header .= " compiled from \"" . $this->template->source->filepath . "\" */ ?>\n";
+ $template_header .= "<?php /* Smarty version {Smarty::SMARTY_VERSION}, created on " . strftime("%Y-%m-%d %H:%M:%S") . "\n";
+ $template_header .= " compiled from \"" . str_replace('*/','* /',$_template->source->filepath) . "\" */ ?>\n";
}
do {
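Review bot: The rewritten `compiled from` line reads `$_template->source->filepath`, while the line it replaces read `$this->template->source->filepath`, and nothing in the hunk defines `$_template`; the enclosing function starts outside the hunk, so this needs checking against its signature. If `$_template` is not in scope there, PHP would raise a notice and the header would carry an empty path, so the backport should probably keep the original receiver: `str_replace('*/', '* /', $this->template->source->filepath)`. Separately, `{Smarty::SMARTY_VERSION}` inside the double-quoted string is not interpolated by PHP (only `$`-expressions are), so the header would contain that literal text instead of the version; the original concatenation `"<?php /* Smarty version " . Smarty::SMARTY_VERSION . ", created on "` should be kept. The `*/` replacement is what stops a filepath from closing the header comment early, and a one-line comment saying so would protect it from later clean-up.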
--- a/distribution/libs/sysplugins/smarty_resource_custom.php
+++ b/distribution/libs/sysplugins/smarty_resource_custom.php
@@ -48,7 +48,7 @@
*/
public function populate(Smarty_Template_Source $source, Smarty_Internal_Template $_template=null)
{
- $source->filepath = strtolower($source->type . ':' . $source->name);
+ $source->filepath = $source->type . ':' . substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25);
$source->uid = sha1($source->type . ':' . $source->name);
$mtime = $this->fetchTimestamp($source->name);
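Review bot: The allow-list expression `substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25)` is written out here in populate() and again in getBasename() in the next hunk, with an unexplained length of 25 and no comment tying it to the header-comment injection it guards against. A private helper shared by both, or at least a comment such as `// filepath is written into the compiled template's header comment; restrict it to [A-Za-z0-9.] and 25 chars`, would keep the two copies from drifting apart. The filter is also lossy: names that differ only in stripped characters, or only beyond 25 characters, now yield the same `filepath`, while `uid` on the following line still hashes the full name, so any consumer that keys on `filepath` rather than `uid` should be checked. populate()'s body continues outside the hunk.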
@@ -88,7 +88,7 @@
*/
protected function getBasename(Smarty_Template_Source $source)
{
- return basename($source->name);
+ return basename(substr(preg_replace('/[^A-Za-z0-9.]/','',$source->name),0,25));
}
}
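Review bot: Once every character outside `[A-Za-z0-9.]` has been stripped no path separator is left, so the surrounding `basename()` no longer changes the string and the line reads as if it still did path handling; `return substr(preg_replace('/[^A-Za-z0-9.]/', '', $source->name), 0, 25);` with a short comment would say what it actually does. A name made up only of stripped characters reduces to an empty string here. Whether the callers of getBasename() cope with an empty basename is not visible in this hunk and should be confirmed.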
......@@ -4,9 +4,9 @@ Author: Uwe Tews <uwe.tews@googlemail.com>
Origin: upstream, http://code.google.com/p/smarty-php/source/detail?spec=svn4658&r=4658
Bug: http://secunia.com/advisories/50589/
Bug-Debian: http://bugs.debian.org/688153
--- a/distribution/libs/Smarty.class.php
+++ b/distribution/libs/Smarty.class.php
@@ -1481,6 +1481,9 @@
--- smarty3-3.1.10.orig/distribution/libs/Smarty.class.php
+++ smarty3-3.1.10/distribution/libs/Smarty.class.php
@@ -1481,6 +1481,9 @@ if (Smarty::$_CHARSET !== 'UTF-8') {
* @package Smarty
*/
class SmartyException extends Exception {
......@@ -16,4 +16,3 @@ Bug-Debian: http://bugs.debian.org/688153
}
/**
......@@ -16,10 +16,8 @@ Debian-Bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765920
.../libs/sysplugins/smarty_internal_parsetree.php | 756 ++++++++++-----------
1 file changed, 361 insertions(+), 395 deletions(-)
diff --git a/distribution/libs/sysplugins/smarty_internal_parsetree.php b/distribution/libs/sysplugins/smarty_internal_parsetree.php
index c9fb1f7..1866710 100644
--- a/distribution/libs/sysplugins/smarty_internal_parsetree.php
+++ b/distribution/libs/sysplugins/smarty_internal_parsetree.php
--- smarty3-3.1.10.orig/distribution/libs/sysplugins/smarty_internal_parsetree.php
+++ smarty3-3.1.10/distribution/libs/sysplugins/smarty_internal_parsetree.php
@@ -1,395 +1,361 @@
-<?php
-/**
......
001_escape-smarty-exception-messages.patch
CVE-2014-8350.patch
0001_CVE-2017-1000480.patch