Control: tags -1 + confirmed On Fri, 2021-11-26 at 07:40 -0400, David Prévot wrote: > * Prevent CSV injection via formulas [CVE-2021-41270] > > [ Reason ] > The security issue was introduced in 4.1 (buster shipped with > 3.4). The security team decided it doesn’t warrant a DSA. > > [ Impact ] > It makes applications depending on php-symfony-serializer vulnerable > to > CSV injection. >
+symfony (4.4.19+dfsg-2+deb11u1) stable; urgency=medium We generally prefer using codenames (so "bullseye") as the distribution, as it's more self-documenting over time (and doesn't have unexpected side-effects if an update is uploaded and accepted on opposite sides of a release occurring). Please go ahead. Regards, Adam