smarty4 (4.1.1-1)
[PTS] [DDPO]
OK: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian/smarty4.git
-
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/debian/smarty4
- Last scan: 2022-08-03 13:47:31+00
- Next scan: 2022-08-10 16:12:00+00
- Debian changelog in Git:
smarty4 (4.1.1-1) unstable; urgency=medium
* New upstream release.
- CVE-2021-21408: Prevent template authors from running restricted static
php methods. (Closes: #1010375).
- CVE-2021-29454: Prevent template authors from running arbitrary PHP code
by crafting a malicious math string. (Closes: #1010375, as well).
- CVE-2022-29221: Prevent template authors from injecting PHP code by
choosing malicious filenames. (Closes: #1011757).
* debian/control:
+ Bump Standards-Version: to 4.6.1. No changes needed.
* debian/smarty4.docs:
+ Drop demo/ from documentation files. Folder removed upstream.
* debian/copyright:
+ Update copyright attributions.
-- Mike Gabriel <sunweaver@debian.org> Sun, 29 May 2022 07:58:20 +0200
- This branch is even with tag debian/4.1.1-1