-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 23 May 2026 23:32:47 +0200 Source: symfony Architecture: source Version: 5.4.52+dfsg-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers <[email protected]> Changed-By: David Prévot <[email protected]> Changes: symfony (5.4.52+dfsg-0+deb12u1) bookworm-security; urgency=medium . [ Fabien Potencier ] * Update VERSION for 5.4.52 . [ Nicolas Grekas ] * [MonologBridge] Bind server:log to localhost by default [CVE-2026-45077] * [Yaml] Bound recursion depth in the parser [CVE-2026-45133] * [Cache] Validate the prefix given to AbstractAdapter::clear() [CVE-2026-45073] * [Yaml] Bound collection-alias resolution in the parser [CVE-2026-45304] * [Yaml] Harden the Parser::cleanup() regexes against catastrophic backtracking [CVE-2026-45305] * [Runtime] Fix CVE-2024-50340 patch bypass by gating argv on $_SERVER['QUERY_STRING'] [CVE-2026-46626] . [ Alexandre Daubois ] * [Routing] Fix regex alternation anchoring in UrlGenerator requirement validation [CVE-2026-45065] * [DomCrawler] Fix XXE in addXmlContent() by not enabling `validateOnParse` [CVE-2026-45071] * [Security] Anchor emailAddress regex to RDN boundary in X509Authenticator [CVE-2026-45063] * [Mime] Reject email addresses containing line breaks in Address [CVE-2026-45067] * [Mailer] Add end-of-options separator before recipients in SendmailTransport; reject addresses starting with a dash [CVE-2026-45068] . [ David Prévot ] * debian/gbp.conf: permit new upsteam release * Refresh patches * Update homemade autoload.php * Update copyright for new image * Exclude some test files for phpab * Use php-http-message-factory for tests Checksums-Sha1: 0fa327b1fff3780e861d4caf5b86fad54de66d28 13285 symfony_5.4.52+dfsg-0+deb12u1.dsc 2b53955828cb301984bd0586565834034709073d 5107180 symfony_5.4.52+dfsg.orig.tar.xz d422dd9b1b2fd48d6d2f1a3af874682a00250a22 64884 symfony_5.4.52+dfsg-0+deb12u1.debian.tar.xz 18b27af8e1908fd22e0aa9475cd0c99fe39f62c7 57646 symfony_5.4.52+dfsg-0+deb12u1_amd64.buildinfo Checksums-Sha256: 16e4ff5b8375d11bbb0627b87fb18be9db4bd8750eaaa6182228a912301ccb43 13285 symfony_5.4.52+dfsg-0+deb12u1.dsc ffc381be4966bec2f958abb63c5739b4b1c79f742ab10bea960173f76ad67b4f 5107180 symfony_5.4.52+dfsg.orig.tar.xz 2c64547afbefef42c7f353a490ff1b473f00c3cde1ededbcee61580ee7844f83 64884 symfony_5.4.52+dfsg-0+deb12u1.debian.tar.xz d370e84ba9b28a9074abac1ebc967160f1483b72c93b39b5c8e520f41cc1f099 57646 symfony_5.4.52+dfsg-0+deb12u1_amd64.buildinfo Files: 5fe9d2569979040bcc75359ceb72158b 13285 php optional symfony_5.4.52+dfsg-0+deb12u1.dsc 20a28646f1a1e5db17216cf1bb151592 5107180 php optional symfony_5.4.52+dfsg.orig.tar.xz 6d5798762ece53fde2219a4ba8c0ea3c 64884 php optional symfony_5.4.52+dfsg-0+deb12u1.debian.tar.xz f624dbd00347e70e066633d370a1fd6b 57646 php optional symfony_5.4.52+dfsg-0+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQFGBAEBCgAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmoUx9ISHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r0879oH/Rl+zs3oPHBY/bWUCGb3mGx4lSANTKRj jRtbEncBu8mzRktvTn/AgQHwev8il8il89wfoiu9Vy06B2dpHGUp/j8RwoyHP1me uWWG6m8DFWLtSyAw1INeNo4qKkUdRVNyWKbTvUTqXLPpp1qcnnj+e/PV+lR3/I+A C53miX88RqBufKgCI6qe7VbLPLnK+SYyfUqcdiHh/yP9GArtOgB/0zYS2HZmZD2m hrCTGgKSgV1XEnpv7eUWiyBIO2PM6venCv0pV4/eNocaSLGVzjbgjlyZt2ioqC74 o7SIfmX+kFoSwjZto+k0rMDnb06VdKo/wJl0bGLlow3A0ykWnuzRfZw= =Bu+Z -----END PGP SIGNATURE-----
pgp3QxR5Vv2Iz.pgp
Description: PGP signature
