[Git][security-tracker-team/security-tracker][master] Triage CVE-2024-{50340,50342,51996}/symfony for bullseye

Guilhem Moulin (@guilhem) guilhem at debian.org
Sat May 31 17:14:23 BST 2025 


Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b2cf7a23 by Guilhem Moulin at 2025-05-31T18:13:53+02:00
Triage CVE-2024-{50340,50342,51996}/symfony for bullseye

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -62938,6 +62938,7 @@ CVE-2024-52291 (Craft is a content management system (CMS). A vulnerability in C
 CVE-2024-51996 (Symphony process is a module for the Symphony PHP framework which exec ...)
 	{DSA-5813-1}
 	- symfony 6.4.15+dfsg-1
+	[bullseye] - symfony <not-affected> (Vulnerable code not present, introduced in 5.3)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-cg23-qf8f-62rr
 	NOTE: https://github.com/symfony/symfony/commit/81354d392c5f0b7a52bcbd729d6f82501e94135a (v5.4.47, v6.4.15, v7.1.8, v7.2.0-RC1)
 CVE-2024-50972 (A SQL injection vulnerability in printtool.php of Itsourcecode Constru ...)
@@ -65496,6 +65497,7 @@ CVE-2024-50343 (symfony/validator is a module for the Symphony PHP framework whi
 CVE-2024-50342 (symfony/http-client is a module for the Symphony PHP framework which p ...)
 	{DSA-5809-1}
 	- symfony 6.4.15+dfsg-1
+	[bullseye] - symfony <not-affected> (Vulnerable code not present, introduced in 5.1)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-9c3x-r3wp-mgxm
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/296d4b34a33b1a6ca5475c6040b3203622520f5b (v5.4.46, v6.4.14, v7.1.7)
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/b4bf5afdbdcb2fd03da513ee03beeabeb551e5fa (v5.4.47, v6.4.15, v7.1.8)
@@ -65508,6 +65510,7 @@ CVE-2024-50341 (symfony/security-bundle is a module for the Symphony PHP framewo
 CVE-2024-50340 (symfony/runtime is a module for the Symphony PHP framework which enabl ...)
 	{DSA-5809-1}
 	- symfony 6.4.14+dfsg-1
+	[bullseye] - symfony <not-affected> (Vulnerable code not present, introduced in 5.3)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-x8vp-gf4q-mw5j
 	NOTE: Fixed by: https://github.com/symfony/symfony/commit/a77b308c3f179ed7c8a8bc295f82b2d6ee3493fa (v5.4.46, v6.4.14, v7.1.7)
 CVE-2024-48325 (Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDo ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2cf7a238e365909502017c444f7d87a994378f5

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b2cf7a238e365909502017c444f7d87a994378f5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250531/37b59a9e/attachment.htm>

More information about the debian-security-tracker-commits mailing list