[Git][security-tracker-team/security-tracker][master] php-twig DSA
Moritz Muehlenhoff (@jmm)
jmm at debian.org
Tue Jun 2 18:33:49 BST 2026
Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits:
71d38365 by Moritz Mühlenhoff at 2026-06-02T19:33:17+02:00
php-twig DSA
- - - - -
3 changed files:
- data/CVE/list
- data/DSA/list
- data/dsa-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -219916,7 +219916,6 @@ CVE-2024-51755 (Twig is a template language for PHP. In a sandbox, an attacker c
CVE-2024-51754 (Twig is a template language for PHP. In a sandbox, an attacker can cal ...)
{DLA-4186-1}
- php-twig 3.14.2-1 (bug #1086884)
- [bookworm] - php-twig <ignored> (Minor issue, too intrusive to backport)
- twig <removed>
NOTE: https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6
NOTE: Fixed by: https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73 (v3.14.1)
=====================================
data/DSA/list
=====================================
@@ -1,3 +1,6 @@
+[02 Jun 2026] DSA-6320-1 php-twig - security update
+ {CVE-2024-51754 CVE-2026-46628 CVE-2026-46629 CVE-2026-46633 CVE-2026-46637 CVE-2026-47730}
+ [bookworm] - php-twig 3.5.1-1+deb12u2
[02 Jun 2026] DSA-6319-1 yelp - security update
[bookworm] - yelp 42.2-1+deb12u2
[trixie] - yelp 42.2-4+deb13u1
=====================================
data/dsa-needed.txt
=====================================
@@ -85,8 +85,6 @@ perl (carnil)
--
php-laravel-framework/oldstable
--
-php-twig/oldstable (jmm)
---
poppler
--
prometheus
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71d383651f4c9e9f73533c9ffb93f8e5508b7e87
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/71d383651f4c9e9f73533c9ffb93f8e5508b7e87
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260602/16f635bb/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list