PublicDateAtUSN: 2022-01-10 20:15:00 UTC
Candidate: CVE-2021-21408
PublicDate: 2022-01-10 20:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21408
 https://github.com/smarty-php/smarty/commit/19ae410bf56007a5ef24441cdc6414619cfaf664
 https://github.com/smarty-php/smarty/releases/tag/v3.1.43
 https://github.com/smarty-php/smarty/security/advisories/GHSA-4h9c-v5vg-5m6m
 https://github.com/smarty-php/smarty/releases/tag/v4.0.3
 https://ubuntu.com/security/notices/USN-5348-1
Description:
 Smarty is a template engine for PHP, facilitating the separation of
 presentation (HTML/CSS) from application logic. Prior to versions 3.1.43
 and 4.0.3, template authors could run restricted static php methods. Users
 should upgrade to version 3.1.43 or 4.0.3 to receive a patch.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_smarty3:
 upstream: https://github.com/smarty-php/smarty/commit/28519ca00fe6890ef2d464f8400a16188c4b6f36
upstream_smarty3: released (4.0.3,3.1.43)
trusty_smarty3: ignored (out of standard support, was needed)
trusty/esm_smarty3: DNE
xenial_smarty3: ignored (out of standard support, was needed)
bionic_smarty3: released (3.1.31+20161214.1.c7d42e4+selfpack1-3ubuntu0.1)
focal_smarty3: needed
hirsute_smarty3: ignored (reached end-of-life)
impish_smarty3: released (3.1.39-2ubuntu0.21.10.1)
jammy_smarty3: released (3.1.39-2ubuntu1)
devel_smarty3: released (3.1.39-2ubuntu1)