|
|
Log in / Subscribe / Register

Debian alert DSA-6320-1 (php-twig)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6320-1] php-twig security update


Date:
              Tue, 02 Jun 2026 17:39:25 +0000


Message-ID:
              <ah8VTeftxxXKIKoW@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6320-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 02, 2026                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : php-twig
CVE ID         : CVE-2024-51754 CVE-2026-46628 CVE-2026-46629  
                 CVE-2026-46637 CVE-2026-47730 CVE-2026-46633

Multiple security vulnerabilities were discovered in Twig, a template
engine for PHP, which could result in PHP code injection, sandbox bypass
or cross-site scripting.

For the oldstable distribution (bookworm), these problems have been fixed
in version 3.5.1-1+deb12u3.

We recommend that you upgrade your php-twig packages.

For the detailed security status of php-twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php-twig

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmofFFIACgkQEMKTtsN8
TjbF2xAAkkxtK+J1YYuKdOnMH8TM1ScMpaXHMHO40Q+vHiieHwuJYxWEZt4LGxef
HNBpp4o052vcwzx02ir9LJkNLNHlfSbqiNn0KP0bQxGyc+CqZ5/ph2tTlS005pu8
zY9mJ9zxlEKW2ZZGHE4P94iXplZkLMX+IrcYftmhr9GN6QF4DLiqUDXcCkViDE7Y
3Dq1S77ARc7oLvBXQmgKyWwpZrPgDh0lTy2Vv2mo82OVElWUj2hxrXKObKNMan02
fj+hZEZ5ynRW4544maOsUlgnvD8ZJxCdQN/WU8o4YCSyCM+P7KugC28x2PPqxkyk
YEeAvP6jLX7fJy6cURBuJQ5eQPpK61rjFKnnYD649RI5xrheuwrHYMosynLo+LJc
EVYGqpA5PU+12DFkIAr4Ss8oKiboSAx7jy5Q/jTaapoemVxVXb7D6nQFsSy+abma
b7DbNVosPwyVoe4K9HTYphVYH/ODytErZcyZUSGPlUofwfs5nxITzCZCaGr4XU39
AjGGH2LSjzRzjJBq9CFg6w3NMLCEcbV9ccfRYejF+Gz8swmpIttzMg0bbB+IWb6S
Xl9qyhWjliScur7shkJ1TS1+n4CoaJSI3pUumE8guas8RAxPhb2n7y6IT3gG+mq2
LeuOPzydDhUEV4Kx7NEuZ822en/n/gGSSoUPmo3L60s1h7uOOR4=
=tcOY
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds