Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when calling fetch() or display() functions on custom resources that does not sanitize template name.
Created php-Smarty tracking bugs for this issue:
Affects: epel-all [bug 1532493]
Affects: fedora-all [bug 1532494]
All dependent bugs have been closed. Can this tracking bug be closed?
In reply to comment #2:
> All dependent bugs have been closed. Can this tracking bug be closed?