Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted php-twig 2.14.3-1+deb11u4 (source) into oldstable-security
Date: Wed, 28 May 2025 21:10:23 +0000
Signed by: Markus Koschany <apo@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 28 May 2025 22:44:45 CEST
Source: php-twig
Architecture: source
Version: 2.14.3-1+deb11u4
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
 6a03ffaf7d56496863d0a20eff81f98663d49614 3165 php-twig_2.14.3-1+deb11u4.dsc
 b5e906b16b1cf937a7845374f7fa4b4e1d2f62b0 20112 php-twig_2.14.3-1+deb11u4.debian.tar.xz
 43ef8740b161392a9a020a8c77336d55eeaffb33 13990 php-twig_2.14.3-1+deb11u4_amd64.buildinfo
Checksums-Sha256:
 20ff3def0a89aa7dc25009168c367abc036100621cce2f2f21b38fb95e12c880 3165 php-twig_2.14.3-1+deb11u4.dsc
 1d47312de898626a826e80a8b16a2695a68f93a1e015c9be6482afd269a4226f 20112 php-twig_2.14.3-1+deb11u4.debian.tar.xz
 6c8ac89013ff43ff92b2db684803fbb5e7baf4eee06f06b045f3651dc73e54d3 13990 php-twig_2.14.3-1+deb11u4_amd64.buildinfo
Changes:
 php-twig (2.14.3-1+deb11u4) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2024-51754:
     Twig is a template language for PHP. In a sandbox, an attacker can call
     `__toString()` on an object even if the `__toString()` method is not allowed
     by the security policy when the object is part of an array or an argument
     list (arguments to a function or a filter for instance).
Files:
 4c726a70f1330824668a4511a6dfeda9 3165 php optional php-twig_2.14.3-1+deb11u4.dsc
 c5b259323aab9f3635ebda926bcb5ff1 20112 php optional php-twig_2.14.3-1+deb11u4.debian.tar.xz
 342cecf39fd0cc9031c24d51840bdf51 13990 php optional php-twig_2.14.3-1+deb11u4_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmg3dr9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkV4sP/1UU3gwaHlDyZle9AoIEojO9Yi8fqqrvM5T2
dA4JCqzNRaqzAP03A9O7q/CiRV/82AlVuT3Sx/w+LML32IY8tFx2gnuBwMn4wUJr
RMqetzPVQC3iw/GDAyLOq42IwB/MlW05yQee0FZmJDBzkqRtRZkr2hA8gprP16qT
pxvcuyHTJQZ+8KGj3E9PwzFDBqTM9CAxqeiBfA6s88HMrDgXNpVBTMUJNJGdIE7I
Dfrn0na2j888QFRohLs7LA+YxkCwmgOsMn/Honf+Ptrc5O65C6Uc6xGeTJDQo/nT
ouuhoDXtDRyjP9o7r72EBaxbXsDQJwg0eWq2ffheIYkzoSxW4oa5P5udq8Mm1muN
YWwfT5y3nBzyBCl5V7WvTzdC36/wAamjnkhAKIr5Cm7/UgSCB/hDPvTUJqP2ceex
ntTIY7tMRisEkGSjP7oMOn13vSKApd7wLMcohUa7MPuSyPTYejpg9Ag5qWTgQzFz
+1S+oO2cbc7Jqs54+9LRsWmUlTPkSbJb/PWdbUmiNHvchpKit1kYlitj2umh9FmT
vyQucIfnkt/8u6DZRSFhOMmFvp/s0QX1SegHW/2xkLTGAcRQIbDap9bsbSQoAhuP
h1UBf5LTli6+ZH9wDo6DUL/ctMJAeuyOk3IHx1K+q1KdTBuboGSnhCxG3HCV/QkF
YX2yJBjF
=8B4w
-----END PGP SIGNATURE-----

News for package php-twig