| Errata ID | 281 |
|---|---|
| Date | 2018-01-31 |
| Source package | smarty3 |
| Fixed in version | 3.1.21-1+deb8u1 |
| Description | This update addresses the following issue: * Smarty 3 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name. (CVE-2017-1000480) |
| Additional notes | |
| CVE ID | CVE-2017-1000480 |
| UCS Bug number | #46169 |
