[pkg-php-pear] symfony_8.0.12+dfsg-1_source.changes ACCEPTED into experimental

Debian FTP Masters ftpmaster at ftp-master.debian.org
Wed May 20 20:49:22 BST 2026 

Thank you for your contribution to Debian.



Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 18:54:15 +0200
Source: symfony
Architecture: source
Version: 8.0.12+dfsg-1
Distribution: experimental
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Changes:
 symfony (8.0.12+dfsg-1) experimental; urgency=medium
 .
   [ Alexandre Daubois ]
   * [Routing] Fix regex alternation anchoring in UrlGenerator requirement
     validation [CVE-2026-45065]
   * [DomCrawler] Fix XXE in addXmlContent() by not enabling `validateOnParse`
     [CVE-2026-45071]
   * [HtmlSanitizer] Fix allowLinkHosts/allowMediaHosts bypass via URL parser
     differentials and <area> misclassification [CVE-2026-45066]
   * [Security] Add missing claims in `OidcTokenHandler` [CVE-2026-45069]
   * [Security] Anchor emailAddress regex to RDN boundary in X509Authenticator
     [CVE-2026-45063]
   * [Mime] Reject email addresses containing line breaks in Address
     [CVE-2026-45067]
   * [Mailer] Add end-of-options separator before recipients in
     SendmailTransport; reject addresses starting with a dash [CVE-2026-45068]
   * [JsonPath] Cap regex backtracking in match()/search() to prevent ReDoS
     [CVE-2026-45756]
   * [Mailer][Mailjet] Reject webhooks with missing or invalid Basic credentials
     [CVE-2026-45754]
   * [Mailer][Mailtrap] Reject webhooks with missing or invalid HMAC signature
     [CVE-2026-45755]
 .
   [ Nicolas Grekas ]
   * [HtmlSanitizer] Reject BiDi override characters and percent-encode spaces
     in URLs [CVE-2026-45064]
   * [MonologBridge] Bind server:log to localhost by default [CVE-2026-45077]
   * [Security][HttpKernel] Fix HEAD requests bypassing methods filter in
     `IsGranted`, `IsCsrfTokenValid` and `IsSignatureValid` attributes
     [CVE-2026-45075]
   * [Yaml] Bound recursion depth in the parser [CVE-2026-45133]
   * [TwigBridge] Fix XSS issue in CodeExtension::fileExcerpt() [CVE-2026-45072]
   * [Cache] Validate the prefix given to AbstractAdapter::clear()
     [CVE-2026-45073]
   * [Yaml] Bound collection-alias resolution in the parser [CVE-2026-45304]
   * [Yaml] Harden the Parser::cleanup() regexes against catastrophic
     backtracking [CVE-2026-45305]
   * [Security] Require configuring trusted hosts when using CAS authentication
     [CVE-2026-45074]
   * [Notifier][Lox24] Reject webhooks with missing or invalid token
     [CVE-2026-45754]
   * [Notifier][Twilio] Reject webhooks with missing or invalid HMAC signature
     [CVE-2026-47212]
   * [HtmlSanitizer] Sanitize URLs in action, formaction, poster and cite
     attributes [CVE-2026-45753]
   * [Runtime] Fix CVE-2024-50340 patch bypass by gating argv on
     $_SERVER['QUERY_STRING'] [CVE-2026-46626]
 .
   [ Fabien Potencier ]
   * Update VERSION for 8.0.12
Checksums-Sha1:
 bdeb5f68bec9c7f1e26c8efec8d33c51d5b4727d 19026 symfony_8.0.12+dfsg-1.dsc
 cb6cfe66c175f4f49c46903c211b606a3e161bfa 9198556 symfony_8.0.12+dfsg.orig.tar.xz
 3c3a60ad75021c5e7f2357338a625a217db1f800 78824 symfony_8.0.12+dfsg-1.debian.tar.xz
 b8b1b46a01a805748503e8cde8322c905d0a3328 74372 symfony_8.0.12+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 99e4dd118da4a1c9c03b0149103616a0f00c399ffac0e40455b3a60fdf9cd4bc 19026 symfony_8.0.12+dfsg-1.dsc
 66be3990d18df7b1664704830e203c89de4263c6e61911845d434897520f87da 9198556 symfony_8.0.12+dfsg.orig.tar.xz
 207db0251a32d10c09470c4ab80f3ffdba64f2d474dcf19de549343e69a6a4aa 78824 symfony_8.0.12+dfsg-1.debian.tar.xz
 b0ec431e5e11417767e36a5a9daba246996c8ab22dbea0280be0abc238bf7d09 74372 symfony_8.0.12+dfsg-1_amd64.buildinfo
Files:
 3ca33f4d5d1cecf2be3f87a384f804cf 19026 php optional symfony_8.0.12+dfsg-1.dsc
 9ac397ed1a31688c5b0408ce92b827b8 9198556 php optional symfony_8.0.12+dfsg.orig.tar.xz
 fb035ac2074c9da3bff90ea2e91bba4f 78824 php optional symfony_8.0.12+dfsg-1.debian.tar.xz
 1e728d8a7c0daae674af542f04457916 74372 php optional symfony_8.0.12+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFGBAEBCgAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmoOCWESHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08MFQH/AxW9l6iUpBOhRnuz6tsAE4XoMf1bnaF
LgwVMFJdNTfd0IkBoljsO+ry/skSIMdFKYPGqp3H15MHOPpjNpyOni0I0+ZMS7Fr
wCDvGSG6ZzBVeLGh0NQodxQq/2CQ8dbN8+medDWd744UgHEUx1K92cmbKzrTIbdy
faf10pVUJnDmpvIloWn+RhHP315JZDWC5aQsCUdcwIeCZsJxfUQI+2Ynnp+qGzRE
ZAb1UfqBt1dkm8bKB8QyWRrA5kyIaQKLjclolqoL7IqWCUs1u9uIcEniDg+n5+WV
+x1Z59fB4iuspJpt5SVWeDU8pwpor3ny07mH5m55IPL4LTU+TQKksUQ=
=r9kl
-----END PGP SIGNATURE-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-php-pear/attachments/20260520/cf74c268/attachment.sig>

More information about the pkg-php-pear mailing list