[pkg-php-pear] Bug#1030851: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u2

David Prévot taffit at debian.org
Wed Feb 8 12:53:26 GMT 2023


Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian.org at packages.debian.org
Usertags: pu
X-Debbugs-Cc: symfony at packages.debian.org, Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Control: affects -1 + src:symfony

[ Reason ]
I’ve been asked by the security team to provide those fixes for the
upcoming 11.7 point release after their review.

[ Impact ]
Two CVEs have been assigned to Symfony. The version currently in
unstable and bookworm ships the fixes; the attached debdiff is a
proposal for Bullseye.

https://symfony.com/blog/cve-2022-24894-prevent-storing-cookie-headers-in-httpcache
https://symfony.com/blog/cve-2022-24895-csrf-token-fixation

[ Tests ]
I didn’t test it thoroughly (I doubt I’ll have much time for at least
another week), but it passes

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Regards

taffit
-------------- next part --------------
A non-text attachment was scrubbed...
Name: symfony.diff
Type: text/x-diff
Size: 14918 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20230208/eb43207a/attachment-0003.diff>