[Git][security-tracker-team/security-tracker][master] Reserve DLA-2618-1 for smarty3

Mon Apr 5 06:19:06 BST 2021


Abhijith PA pushed to branch master at Debian Security Tracker / security-tracker


Commits:
fe4acfc7 by Abhijith PA at 2021-04-05T10:48:58+05:30
Reserve DLA-2618-1 for smarty3

- - - - -


2 changed files:

- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[05 Apr 2021] DLA-2618-1 smarty3 - security update
+	{CVE-2018-13982 CVE-2021-26119 CVE-2021-26120}
+	[stretch] - smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-2+deb9u2
 [04 Apr 2021] DLA-2617-1 php-nette - security update
 	{CVE-2020-15227}
 	[stretch] - php-nette 2.4-20160731-1+deb9u1


=====================================
data/dla-needed.txt
=====================================
@@ -144,9 +144,6 @@ shiro (Roberto C. Sánchez)
   NOTE: 20201004: Sent additional request to upstream dev list; stil no response. (roberto)
   NOTE: 20201220: Upstream has responded.  Working with them to backport fixes. (roberto)
 --
-smarty3 (Abhijith PA)
-  NOTE: 20200322: CVE-2018-13982 need more time to backport (abhijith)
---
 spotweb
   NOTE: 20201220: The affected code uses string concatenation to construct a SQL query.
   NOTE: 20201220: Upstream's "fix" is to blacklist all the "bad" SQL commands. (roberto)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe4acfc7320aa9758372ef72ba84aa4609bf2670

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/fe4acfc7320aa9758372ef72ba84aa4609bf2670
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20210405/6b73aaee/attachment.htm>
