Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
00ada3cf by Salvatore Bonaccorso at 2026-05-28T06:28:21+02:00
Track fixed version for php-twig issues
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -648,28 +648,28 @@ CVE-2026-48489
NOTE:
https://symfony.com/blog/cve-2026-48489-security-firewall-bypass-via-failure-forward-subrequest
NOTE:
https://github.com/symfony/symfony/commit/c48a4276309e11aedeeb0ce3a89dfbf0b4fe04ff
(v5.4.53)
CVE-2026-46636
- - php-twig <unfixed>
+ - php-twig 3.27.0-1
NOTE:
https://symfony.com/blog/cve-2026-46636-sandbox-filter-tag-and-function-allow-list-bypass-when-sandbox-state-changes-between-renders
CVE-2026-48806
- - php-twig <unfixed>
+ - php-twig 3.27.0-1
[trixie] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet
shipped)
[bookworm] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet
shipped)
[bullseye] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet
shipped)
NOTE:
https://symfony.com/blog/cve-2026-48806-sandbox-tostring-policy-bypass-via-dynamic-mapping-keys
CVE-2026-48807
- - php-twig <unfixed>
+ - php-twig 3.27.0-1
[trixie] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet
shipped)
[bookworm] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet
shipped)
[bullseye] - php-twig <not-affected> (Fix for CVE-2026-47732 not yet
shipped)
NOTE:
https://symfony.com/blog/cve-2026-48807-sandbox-tostring-policy-bypass-via-traversable-in-join-replace-and-in-not-in-operators
CVE-2026-48808
- - php-twig <unfixed>
+ - php-twig 3.27.0-1
[trixie] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet
shipped)
[bookworm] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet
shipped)
[bullseye] - php-twig <not-affected> (Fix for CVE-2026-46635 not yet
shipped)
NOTE:
https://symfony.com/blog/cve-2026-48808-sandbox-property-allowlist-bypass-via-the-column-filter-under-sourcepolicyinterface
CVE-2026-48805
- - php-twig <unfixed>
+ - php-twig 3.27.0-1
NOTE:
https://symfony.com/blog/cve-2026-48805-sandbox-state-regression-in-deprecated-internal-wrappers-in-src-resources-core-php
CVE-2026-47770
- jq 1.8.1-7
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00ada3cf4806c2090cb07061612b6c2cc5ad9682
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/00ada3cf4806c2090cb07061612b6c2cc5ad9682
You're receiving this email because of your account on salsa.debian.org. Manage
all notifications: https://salsa.debian.org/-/profile/notifications | Help:
https://salsa.debian.org/help
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
