From ${URL} : the symphony project released a security advisory for the Twig PHP library: http://symfony.com/blog/security-release-twig-1-20-0 The linked GitHub pull requests provides the fixes: https://github.com/twigphp/Twig/pull/1759 AFAICT there are least two issues: a remote code execution fixed by the "fixed sandbox security issue" patch, and at least another issue regarding access to "reserved macro names". @maintainer(s): since the package or the affected version has never been marked as stable, we don't need to stabilize it. After the bump, please remove the affected versions from the tree.
dev-php/twig-1.20.0 added and old versions dropped