Your message dated Thu, 21 Dec 2023 21:06:36 +0000
with message-id <[email protected]>
and subject line Bug#1055774: fixed in symfony 4.4.19+dfsg-2+deb11u4
has caused the Debian Bug report #1055774,
regarding symfony: CVE-2023-46734
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1055774: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055774
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: symfony
Version: 5.4.30+dfsg-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 5.4.29+dfsg-1
Control: found -1 5.4.23+dfsg-1
Control: found -1 4.4.19+dfsg-2+deb11u3
Control: found -1 4.4.19+dfsg-2
Control: found -1 3.4.22+dfsg-2+deb10u2
Control: found -1 3.4.22+dfsg-2
Hi,
The following vulnerability was published for symfony.
CVE-2023-46734[0]:
| Symfony is a PHP framework for web and console applications and a
| set of reusable PHP components. Starting in versions 2.0.0, 5.0.0,
| and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig
| filters in CodeExtension use `is_safe=html` but don't actually
| ensure their input is safe. As of versions 4.4.51, 5.4.31, and
| 6.3.8, Symfony now escapes the output of the affected filters.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2023-46734
https://www.cve.org/CVERecord?id=CVE-2023-46734
[1] https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3
[2] https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c
Regards,
Salvatore
--- End Message ---
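The flaw class described in the advisory text above, as an added example that is not part of the original report and is not Symfony's CodeExtension code: a Twig filter registered with `is_safe` for HTML that interpolates its input unescaped, next to a version that escapes first. The filter names, helper functions and sample value are hypothetical, and the script assumes `twig/twig` is installed through Composer.

```php
<?php
// Added illustration. abbr_unsafe / abbr_escaped and their helpers are
// hypothetical names, not Symfony's code. Assumes twig/twig via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

function shortName(string $class): string
{
    $pos = strrpos($class, '\\');
    return false === $pos ? $class : substr($class, $pos + 1);
}

// Pattern from the advisory: the filter's output is declared HTML-safe, but the input is never escaped.
function abbrUnsafe(string $class): string
{
    return sprintf('<abbr title="%s">%s</abbr>', $class, shortName($class));
}

// Hardened form: escape every interpolated value, then wrap it in trusted markup.
function abbrEscaped(string $class): string
{
    $e = static fn (string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<abbr title="%s">%s</abbr>', $e($class), $e(shortName($class)));
}

// Autoescaping is on by default ('html'), yet is_safe tells Twig to skip it for the filter's output.
$twig = new Environment(new ArrayLoader([
    'unsafe'  => '{{ name|abbr_unsafe }}',
    'escaped' => '{{ name|abbr_escaped }}',
]));
// Both filters are marked is_safe; only the second one earns it.
$twig->addFilter(new TwigFilter('abbr_unsafe', 'abbrUnsafe', ['is_safe' => ['html']]));
$twig->addFilter(new TwigFilter('abbr_escaped', 'abbrEscaped', ['is_safe' => ['html']]));

// Constructed sample value standing in for data that did not originate in the template.
$name = 'App\\<b>Widget</b>';

echo $twig->render('unsafe', ['name' => $name]), "\n";   // markup from $name reaches the page as markup
echo $twig->render('escaped', ['name' => $name]), "\n";  // markup from $name is rendered as text
```

When auditing custom Twig extensions, every filter or function registered with `is_safe` deserves the same check: each value it interpolates must be escaped inside the callable, because the template engine will no longer do it.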
--- Begin Message ---
Source: symfony
Source-Version: 4.4.19+dfsg-2+deb11u4
Done: David Prévot <[email protected]>
We believe that the bug you reported is fixed in the latest version of
symfony, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
David Prévot <[email protected]> (supplier of updated symfony package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sat, 11 Nov 2023 19:09:20 +0100
Source: symfony
Architecture: source
Version: 4.4.19+dfsg-2+deb11u4
Distribution: bullseye
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <[email protected]>
Changed-By: David Prévot <[email protected]>
Closes: 1034854 1055774
Changes:
 symfony (4.4.19+dfsg-2+deb11u4) bullseye; urgency=medium
 .
   * [Mime] regenerate test certificates (Closes: #1034854)
   * Backport security fix from Symfony 4.4.51
     - [TwigBridge] Ensure CodeExtension's filters properly escape their input
       [CVE-2023-46734] (Closes: #1055774)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---