[pkg-php-pear] Bug#1103881: php-laravel-framework: CVE-2025-27515
Moritz Mühlenhoff
jmm at inutil.org
Wed Apr 23 07:44:50 BST 2025
On Tue, Apr 22, 2025 at 10:46:57PM +0200, Robin Gustafsson wrote:
> Hi Moritz,
>
> Thanks for the report.
>
> On 4/22/25 14:09, Moritz Mühlenhoff wrote:
> > [...]
> > The following vulnerability was published for php-laravel-framework.
> >
> > CVE-2025-27515[0]:
>
> Thanks. I'll upload a fix for sid/trixie soon.
Great, thanks.
> > There are also two other security issues affecting sid/trixie and
> > which are already fixed in experimental:
> > https://security-tracker.debian.org/tracker/CVE-2024-13918
> > https://security-tracker.debian.org/tracker/CVE-2024-13919
>
> These were introduced in 11.9.0 so the versions in Debian aren't affected.
We've updated the Security Tracker accordingly.
> > So possibly trixie should be moved to 11.44.1 unless it's a very
> > breaking change between 10 and 11?
>
> Unfortunately, that isn't possible due to a dependency on php-symfony 7.
Ah, I see.
Cheers,
Moritz
More information about the pkg-php-pear
mailing list