[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 3147-1] twig security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3147-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 11, 2022                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : twig
Version        : 2.6.2-2+deb10u1
CVE ID         : CVE-2022-39261
Debian Bug     : #1020991

It was discovered that there was a potential arbitrary file read
vulnerability in twig, a PHP templating library. It was caused by
insufficient validation of template names in 'source' and 'include'
statements.

For Debian 10 buster, this problem has been fixed in version
2.6.2-2+deb10u1.

We recommend that you upgrade your twig packages.

For the detailed security status of twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/twig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAmNFh4kACgkQHpU+J9Qx
Hljglw//ec9qrHzmAq2gx7ETzGgLglNMQxKAfr4j3MvL186PlRljtYbRDByniLQp
95j29pG323Bd4BkD9n3ZbBjLd9J4lf4dlLnYYn8DhXy2vXWYfDpuVlUVPUGAzvKH
gzLUED4JxcvElcy7g57eqr49wQ8Th+fTANvVuXeTfmirj20kJLguNnBPAEVXS3I7
tbi1saMsePmIS6Ae87H2x7chs6wskJZ1x/OEeFCCoqTzH1mwChVYT/SrBRVrru2M
b8VG6T+6Wx8MLwBIGHtS3LuW1Oi503RfkirLpesIODU/aTRCO4OEp9X4T8jHZU+R
+gkInxNfto3lk3QpEvCkAiZKxsSNF7gicXdaLKHlDDVMsoZYKWKMyWzb2hnG4Vq8
JKwT9rjSzy1JYiQI9yMx9VUwmk2okSC61qAshaO0NCww3413dIJ4LlC2tFe+RO8b
6l0szi75AnMIqEYI8+ysgVFbryCws3YOCRJj8V6K0GmKJYe7S6goevcYIxLPDCAf
/2r2hWCAa+fvNVC22hno4ZG4WVeZJE+qalVbY3kemq6K3Fan4gQZtyYi+o2Q5GDD
lztIrfL8ogA9ZSjhLsRBatp8t8yOtGpI72MYNQmJh9CmOKkjURz/8Vxd9gr/O1Q8
wDUtSLx0i6Hb3DZMX5lcrJmMvdrF7OE63prcBpPwmx2iWh0l9p8=
=pfDy
-----END PGP SIGNATURE-----


Reply to: