Errata overview
Errata ID 281
Date 2018-01-31
Source package smarty3
Fixed in version 3.1.21-1+deb8u1
This update addresses the following issue:
* Smarty 3 is vulnerable to a PHP code injection when calling fetch() or
  display() functions on custom resources that does not sanitize template
  name. (CVE-2017-1000480)
Additional notes
CVE ID CVE-2017-1000480
UCS Bug number #46169