Date: Wed, 30 Sep 2015 12:51:00 +0200
From: Alessandro Ghedini <>
Subject: Re: CVE Request: twig remote code execution

On Fri, Aug 21, 2015 at 02:39:57PM +0200, Alessandro Ghedini wrote:
> Hello,
> the Symfony project released a security advisory for the Twig PHP library:
> The linked GitHub pull requests provides the fixes:
> AFAICT there are at least two issues: a remote code execution fixed by the "fixed
> sandbox security issue" patch, and at least another issue regarding access to
> "reserved macro names".
> The RCE deserves a CVE IMO, but I'm not sure about the other one (or if it is
> indeed only one issue).
> Can CVE(s) be assigned for the above issue(s) as you deem appropriate?
> Thanks


