Updated php-smarty packages fix security vulnerability
Publication date: 21 Nov 2014Type: security
Affected Mageia releases : 4
CVE: CVE-2014-8350
Description
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template (CVE-2014-8350).
References
SRPMS
4/core
- php-smarty-3.1.21-1.mga4