-------------------------------------------------------------------------
Debian LTS Advisory DLA-3147-1                debian-...@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
October 11, 2022                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : twig
Version        : 2.6.2-2+deb10u1
CVE ID         : CVE-2022-39261
Debian Bug     : #1020991

It was discovered that there was a potential arbitrary file read
vulnerability in twig, a PHP templating library. It was caused by
insufficient validation of template names in 'source' and 'include'
statements.

For Debian 10 buster, this problem has been fixed in version
2.6.2-2+deb10u1.

We recommend that you upgrade your twig packages.

For the detailed security status of twig please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/twig

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS