Debian LTS: DLA-2995-1: smarty3 security update


Smarty3, a template engine for PHP, allowed template authors to run restricted static php methods. The same authors could also run arbitrary PHP code by crafting a malicious math string. If a math string was passed through as user provided data to the math function, remote users were able to run arbitrary PHP