[pkg-php-pear] Bug#1103881: php-laravel-framework: CVE-2025-27515
Robin Gustafsson
robin at rgson.se
Tue Apr 22 21:46:57 BST 2025
Hi Moritz,
Thanks for the report.
On 4/22/25 14:09, Moritz Mühlenhoff wrote:
> [...]
> The following vulnerability was published for php-laravel-framework.
>
> CVE-2025-27515[0]:
Thanks. I'll upload a fix for sid/trixie soon.
> There are also two other security issues affecting sid/trixie and
> which are already fixed in experimental:
> https://security-tracker.debian.org/tracker/CVE-2024-13918
> https://security-tracker.debian.org/tracker/CVE-2024-13919
These were introduced in 11.9.0 so the versions in Debian aren't affected.
> So possibly trixie should be moved to 11.44.1 unless it's a very
> breaking change between 10 and 11?
Unfortunately, that isn't possible due to a dependency on php-symfony 7.
--
Regards,
Robin
GPG: B26C 2ED3 7324 6221 9C3D 1DFE 293A 3C91 D188 369C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20250422/21aedbd8/attachment.sig>
More information about the pkg-php-pear
mailing list