[Git][security-tracker-team/security-tracker][master] Reserve DLA-3493-1 for symfony
Guilhem Moulin (@guilhem)
guilhem at debian.org
Tue Jul 11 22:45:13 BST 2023
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aa0e0bc8 by Guilhem Moulin at 2023-07-11T23:44:47+02:00
Reserve DLA-3493-1 for symfony
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -105384,13 +105384,11 @@ CVE-2022-24896 (Tuleap is a Free & Open Source Suite to manage software developm
CVE-2022-24895 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 5.4.20+dfsg-1
[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
- [buster] - symfony <postponed> (Minor issue, no rdeps for Session/php-symfony-security)
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-3gv2-29qc-v67m
NOTE: https://github.com/symfony/symfony/commit/5909d74ecee359ea4982fcf4331aaf2e489a1fd4
CVE-2022-24894 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 5.4.20+dfsg-1
[bullseye] - symfony 4.4.19+dfsg-2+deb11u2
- [buster] - symfony <postponed> (Minor issue, no rdeps for HttpCache.php/php-symfony-http-kernel)
NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-h7vf-5wrv-9fhv
NOTE: https://github.com/symfony/symfony/commit/d2f6322af9444ac5cd1ef3ac6f280dbef7f9d1fb
CVE-2022-24893 (ESP-IDF is the official development framework for Espressif SoCs. In E ...)
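Review bot: the two removed `[buster] - symfony <postponed>` lines each carried the triage rationale ("no rdeps for Session/php-symfony-security", "no rdeps for HttpCache.php/php-symfony-http-kernel"), and that rationale disappears from the live entries once buster is fixed via DLA; dropping the `[buster]` line is the tracker convention when data/DLA/list records the fix, but the advisory text should say why previously postponed issues are now shipped (the dla-needed.txt note removed in this same commit points at following the bullseye 11.7 fixes). The header counts (-13/+11) match exactly two removals, and the `[bullseye] - symfony 4.4.19+dfsg-2+deb11u2` lines are untouched, as they should be.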
@@ -184670,7 +184668,6 @@ CVE-2021-21425 (Grav Admin Plugin is an HTML user interface that provides a way
NOT-FOR-US: Grav Admin Plugin
CVE-2021-21424 (Symfony is a PHP framework for web and console applications and a set ...)
- symfony 4.4.19+dfsg-2
- [buster] - symfony <no-dsa> (Minor issue; can be fixed via point release)
[stretch] - symfony <postponed> (Minor issue)
NOTE: https://symfony.com/blog/cve-2021-21424-prevent-user-enumeration-in-authentication-mechanisms
NOTE: https://github.com/symfony/symfony/commit/f012eee6c6034a94566dff596fe4e16dfc5d9c1f
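Review bot: the removed `[buster] - symfony <no-dsa> (Minor issue; can be fixed via point release)` is superseded by shipping CVE-2021-21424 in DLA-3493-1 instead, and the `[stretch] - symfony <postponed> (Minor issue)` line is correctly left alone for a buster-only DLA. Worth a check that the referenced upstream fix f012eee6c6034a94566dff596fe4e16dfc5d9c1f was actually backported to the 3.4 series buster ships (3.4.22+dfsg-2+deb10u2 in data/DLA/list), since the unstable fix recorded here landed in 4.4.19+dfsg-2.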
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[11 Jul 2023] DLA-3493-1 symfony - security update
+ {CVE-2021-21424 CVE-2022-24894 CVE-2022-24895}
+ [buster] - symfony 3.4.22+dfsg-2+deb10u2
[11 Jul 2023] DLA-3492-1 yajl - security update
{CVE-2017-16516 CVE-2022-24795 CVE-2023-33460}
[buster] - yajl 2.1.0-3+deb10u2
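Review bot: the three CVE IDs in the braces correspond one-to-one to the three `[buster]` symfony lines removed from data/CVE/list in this commit, and the entry follows the format of the DLA-3492-1 yajl entry below it (date, advisory id, source package, CVE set in braces, `[buster]` fixed version). The one thing to confirm before the advisory goes out is that 3.4.22+dfsg-2+deb10u2 is the version actually uploaded to buster-security, because the tracker will mark all three CVEs fixed in buster from this line alone.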
=====================================
data/dla-needed.txt
=====================================
@@ -207,10 +207,6 @@ suricata (Adrian Bunk)
NOTE: 20230620: I'd suggest reviewing the CVEs, precise the triage (postponed/ignored),
NOTE: 20230620: and possibly issue a DSA with a few CVEs that were fixed in later dists (Beuc/front-desk)
--
-symfony (guilhem)
- NOTE: 20230620: Added by Front-Desk (Beuc)
- NOTE: 20230620: Follow fixes from bullseye 11.7 (2 CVEs) + 1 other postponed CVE (Beuc/front-desk)
---
tiff (Adrian Bunk)
NOTE: 20230702: Added by Front-Desk (ta)
--
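Review bot: removing one `--` separator along with the entry (the `---` line) keeps the delimiters balanced, so the suricata and tiff entries remain separated by a single `--`. The dropped front-desk note "Follow fixes from bullseye 11.7 (2 CVEs) + 1 other postponed CVE" accounts for exactly the three CVEs now listed under DLA-3493-1, so nothing is left outstanding for symfony in dla-needed.txt.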
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aa0e0bc874e3d6e59e1575c4cb02f564039c0857
More information about the debian-security-tracker-commits mailing list