[Git][security-tracker-team/security-tracker][master] Slightly add more information on CVE-2022-23601/symfony
Salvatore Bonaccorso (@carnil)
carnil at debian.org
Mon Jan 31 20:51:14 GMT 2022
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
a836a08b by Salvatore Bonaccorso at 2022-01-31T21:48:31+01:00
Slightly add more information on CVE-2022-23601/symfony
Thanks David Prévot for clarifying what "vulnerable code not present"
meant. The issue got introduced in 5.4.3, which was never packaged for
Debian and fixed in 5.4.4. So no Debian released version contained the
vulnerable code. Try to reflect this in the description.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -2317,7 +2317,7 @@ CVE-2022-23602
RESERVED
CVE-2022-23601 [CSRF token missing in forms]
RESERVED
- - symfony <not-affected> (Vulnerable code not present)
+ - symfony <not-affected> (Vulnerable code not present; o Debian released version contained the vulnerable code)
NOTE: https://symfony.com/blog/cve-2022-23601-csrf-token-missing-in-forms
NOTE: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57117aabadac96fa37857f50
CVE-2022-23600
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a836a08b36a46ae1da49a29f6ea7f31ad4aec24a
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/a836a08b36a46ae1da49a29f6ea7f31ad4aec24a
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220131/aeeff0ba/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list