Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker
Commits: 89d1f5d9 by Moritz Muehlenhoff at 2026-05-27T20:18:28+02:00 new twig issues - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== 
@@ -1,3 +1,27 @@ +CVE-2026-46636 + - php-twig <unfixed> + NOTE: https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders +CVE-2026-48806 + - php-twig <unfixed> + [trixie] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet shipped) + [bookworm] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet shipped) + [bullseye] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet shipped) + NOTE: https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys +CVE-2026-48807 + - php-twig <unfixed> + [trixie] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet shipped) + [bookworm] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet shipped) + [bullseye] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet shipped) + NOTE: https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators +CVE-2026-48808 + - php-twig <unfixed> + [trixie] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet shipped) + [bookworm] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet shipped) + [bullseye] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet shipped) + NOTE: https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface +CVE-2026-48805 + - php-twig <unfixed> + NOTE: https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php CVE-2026-47770 - jq 1.8.1-7 NOTE: https://github.com/jqlang/jq/commit/7122866869960b55cea3646bc91334ef55787831 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/89d1f5d98c6fd03d55a81016752d2613eba2ebc5
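Review bot: the `<not-affected>` lines for trixie, bookworm and bullseye under CVE-2026-48806, CVE-2026-48807 and CVE-2026-48808 hold only while the fixes for CVE-2026-47732 and CVE-2026-46635 stay unshipped in those releases, and nothing in this hunk records that dependency from the other side. Suggest adding a NOTE under CVE-2026-47732 and CVE-2026-46635 (their entries are not visible here) saying that any upload carrying those fixes must also carry the fixes for these three, so the release status is revisited at that point instead of silently going stale. A smaller point: the parenthetical is the only hint at why the stable releases are unaffected, so a NOTE line under each of the three naming the change that introduced the issue would make the reasoning checkable without following the blog link. CVE-2026-46636 and CVE-2026-48805 carry no per-release lines at all; if that is because all releases are affected, no change is needed, otherwise they want the same triage.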
