You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa php-twig

Sigurnosni nedostatak programskog paketa php-twig

——————————————————————————–
Fedora Update Notification
FEDORA-2015-13433
2015-08-27 17:52:04.307033
——————————————————————————–

Name : php-twig
Product : Fedora 22
Version : 1.20.0
Release : 1.fc22
URL : http://twig.sensiolabs.org
Summary : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The
overhead compared to regular PHP code was reduced to the very minimum.

* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
allows Twig to be used as a template language for applications where users
may modify the template design.

* Flexible: Twig is powered by a flexible lexer and parser. This allows the
developer to define its own custom tags and filters, and create its own
DSL.

——————————————————————————–
Update Information:

## 1.20.0 (2015-08-12) * forbid access to the Twig environment from templates
and internal parts of Twig_Template * fixed limited RCEs when in sandbox mode *
deprecated Twig_Template::getEnvironment() * deprecated the _self variable for
usage outside of the from and import tags * added Twig_BaseNodeVisitor to ease
the compatibility of node visitors between 1.x and 2.x ## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child
template * added support for variadic filters, functions, and tests * added
support for extra positional arguments in macros * added ignore_missing flag to
the source function * fixed batch filter with zero items * deprecated
Twig_Environment::clearTemplateCache() * fixed sandbox disabling when using the
include function
——————————————————————————–
References:

[ 1 ] Bug #1249259 – php-twig-v1.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249259
[ 2 ] Bug #1255796 – php-twig: Remote code execution via Twig templates [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1255796
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-twig’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa firefox

Otkriveni su sigurnosni nedostaci u programskom paketu firefox. Otkriveni nedostaci potencijalnim napadačima omogućuju pokretanje proizvoljnog programskog koda, instalaciju malicioznih dodataka...

Close