[Git][security-tracker-team/security-tracker][master] Update status for CVE-2021-41270/symfony

Salvatore Bonaccorso (@carnil) carnil at debian.org
Thu Nov 25 21:17:31 GMT 2021



Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
7783862b by Salvatore Bonaccorso at 2021-11-25T22:17:01+01:00
Update status for CVE-2021-41270/symfony

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -10223,6 +10223,8 @@ CVE-2021-41271 (Discourse is a platform for community discussion. In affected ve
 	NOT-FOR-US: Discourse
 CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
 	- symfony 4.4.19+dfsg-3
+	[buster] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
+	[stretch] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
 	NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35)
 	NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7783862b1c7c7516930ba2ff96028f38111eb914

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7783862b1c7c7516930ba2ff96028f38111eb914
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20211125/aa6bfd62/attachment-0001.htm>


More information about the debian-security-tracker-commits mailing list