Date: Fri, 21 Aug 2015 14:39:57 +0200
From: Alessandro Ghedini <>
Subject: CVE Request: twig remote code execution


The Symfony project released a security advisory for the Twig PHP library:

The linked GitHub pull request provides the fixes:

AFAICT there are at least two issues: a remote code execution fixed by the "fixed
sandbox security issue" patch, and at least another issue regarding access to
"reserved macro names".

The RCE deserves a CVE IMO, but I'm not sure about the other one (or if it is
indeed only one issue).

Can CVE(s) be assigned for the above issue(s) as you deem appropriate?

