DSA-4094-2 smarty3 -- smarty3
ID: oval:org.secpod.oval:def:603256 | Date: (C)2018-02-05 (M)2023-07-25 |
Class: PATCH | Family: unix |
The FusionDirectory team detected a regression in the previously issued fix for CVE-2017-1000480. This regression only affects the Jessie version of the patch. For reference, the relevant part of the original advisory text follows.

It was discovered that Smarty, a PHP template engine, was vulnerable to code-injection attacks. An attacker was able to craft a filename in comments that could lead to arbitrary code execution on the host running Smarty.