- What: Security update for php-twig with multiple CVEs.
- Impact: Debian users should apply the update to address vulnerabilities in the templating engine.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6311-1] php-twig security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6311-1] php-twig security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 29 May 2026 18:34:20 +0000 Message-id: <[🔎] ahncLHeBKDUfnOBL@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6311-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 29, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php-twig CVE ID : CVE-2026-24425 CVE-2026-46627 CVE-2026-46628 CVE-2026-46629 CVE-2026-46633 CVE-2026-46634 CVE-2026-46635 CVE-2026-46636 CVE-2026-46637 CVE-2026-46638 CVE-2026-46640 CVE-2026-47730 CVE-2026-47732 CVE-2026-48805 Multiple security vulnerabilities were discovered in Twig, a template engine for PHP, which could result in PHP code injection, sandbox bypass or cross-site scripting. For the stable distribution (trixie), these problems have been fixed in version 3.27.0-0+deb13u1. We recommend that you upgrade your php-twig packages. For the detailed security status of php-twig please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php-twig Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmoZ2OYACgkQEMKTtsN8 TjZZpQ//RL6C/Uyft9psxLNzRzMZlZR1UmEl/gbuzUWWWqIiiMz0SJv1CXe1fKkB G3hOv56uP/bTQBxQRLOPnci5n02jIHocNFaWtyAEYKGdbxI/uFDUUHV7og90NTnZ FW9IPFrzujmrRs9hd3yIMGCEUfze+5t51ehCY01a65cYV9mEEMaiuewFuD2+8jNF CWdbbReid5cmKL9Rb7pikvX1tvVbRX70AVfTF3ajkcoBLcJ+zCl8V0d0zE2ROt0Y blxfNlxs660RmiZrADxq8wwoDYlH2Q9Y+uNZE+pVdsvDFXT6f8W+4mKdTaWGnsz5 Cqrvl3M5eTkBQeXWUbc7qabYp93zbsBSTig3bF0c40BFMh2VdWZyVZUKm6pGF1iw oeM3+zEPOAGpbzVd0LAtRlGsqj3sWcTl+NqW01/Crbs94SZizib7Bd0qPeAdfogE kJNThXwkYqcBweaZ3AEWgIMnisQiO4ASwrkDtDu6ka9yKSklbNqcHKUv6cUa4B0K xN0d7OYtjB5dL7DmBglN5Az2jC6nTFCtxzsuql8qWLj3gwQLuVLkbJjUjTJ/JqZ1 H/toW5w5KzotIqZ9XJJGup7qK3soU4JzgtqIaOKxLrw/nP2O8uHiVMg19BjoHhXN hQvNOFR9Iwgz1Wp3Qoflh7mEtFVm0THrZS6J9RrFxUORlQSunFs= =zhXV -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6310-1] imagemagick security update Previous by thread: [SECURITY] [DSA 6310-1] imagemagick security update Index(es): Date Thread