• [SECURITY] [DSA 5771-1] php-twig security update

    From Moritz Muehlenhoff@21:1/5 to All on Tue Sep 17 23:00:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5771-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff September 17, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php-twig
    CVE ID : CVE-2024-45411

    Fabien Potencier discovered that under some conditions the sandbox
    mechanism of Twig, a template engine for PHP, could by bypassed.

    For the stable distribution (bookworm), this problem has been fixed in
    version 3.5.1-1+deb12u1.

    We recommend that you upgrade your php-twig packages.

    For the detailed security status of php-twig please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/php-twig

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmbp6wEACgkQEMKTtsN8 TjbMmw/9EQoKouvCA3UV7O8WQPnfbILtLGGR4ezpswEqDtV1BRJTtGsa0BL5P4RY 7ut8k9pLs/yyUtAjzk5CwikchUFaOYyK8ZHlHugOj3QC2AtdyP8WEqeM226rIqUb TUdO1wcpzVTN4HTl4pKbHYRYNGa8O16sDQsiM805zdauLnbM+LJJpBmoaok6dcg9 cNHQ0nUinMoFPU2f2Ap2tDzre+r1CJ8tNajEhD8FZFSXX+50hgooS6hSBA4yATNa MrOYuXetNgG+hF+7LI5zJnERLhzCFiqNc0Kx3G9YWhUNAsIkURB5PIyUQf1Oi4hr iUfRGY1MuR7qhCZiDJF3PJxX99eRAijO8wx+pm0FqD8lhQE6X2yniCEY0Nv4ofWX 5VAoG7MnZXbFnYGlmoAcqs3BjlYLCX9p11fkfZpOfFyuOyEYVMNJbf8wYB0PIyfz bcf9PiBkV2HdawCUmZEqo4MKJ1/4RpLMk28VZbbD4vGlldGSG9gjSG+r2gfqHKay Vvfmp/N0gWaD3H0PQ8NZdXWidqrdy4SmeFLclNC0gYC9XqVe6Xa1PgDgRNw4mdqx uI68/orZeQC3eeXSEjhk41iXDRaWZMG5PFIXAubpFnRrnje+uIl1xNP99w8y/qLR FOWHOYo9//0j6/ohNxJEX44l9zbIphiO8ljPUYu4Ai2eozwdxFE=
    =WH+j
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)