-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 24 Nov 2023 18:03:46 CET Source: symfony Architecture: source Version: 3.4.22+dfsg-2+deb10u3 Distribution: buster-security Urgency: high Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org> Changed-By: Markus Koschany <a...@debian.org> Checksums-Sha1: 0bcc11fe399d4f68395eee9a664ddf231dd00d2f 7053 symfony_3.4.22+dfsg-2+deb10u3.dsc 13fea87c490a2ff72c7a2085f4c03edec984e745 55936 symfony_3.4.22+dfsg-2+deb10u3.debian.tar.xz 524592a6e767b71538862c6a9db3f2a63581b4fc 29871 symfony_3.4.22+dfsg-2+deb10u3_amd64.buildinfo Checksums-Sha256: 26ac3cc54ac1a2cec05406a525fcc01857a551f9cbacb48adedef8d7b7429575 7053 symfony_3.4.22+dfsg-2+deb10u3.dsc 6039edf91b315f4081fcef6753e128dbb9a43db3c297811de2fb49288ec04a44 55936 symfony_3.4.22+dfsg-2+deb10u3.debian.tar.xz ecd1c8cb7977888499d585a0125b80b237374f8200295e878ea569543094241b 29871 symfony_3.4.22+dfsg-2+deb10u3_amd64.buildinfo Changes: symfony (3.4.22+dfsg-2+deb10u3) buster-security; urgency=high . * Non-maintainer upload by the LTS team. * Fix CVE-2023-46734: Pierre Rudloff discovered a potential XSS vulnerability in Symfony, a PHP framework. Some Twig filters in CodeExtension use `is_safe=html` but do not actually ensure their input is safe. Symfony now escapes the output of the affected filters. Files: 51095e1dee8250bff9459ceb15c19d57 7053 php optional symfony_3.4.22+dfsg-2+deb10u3.dsc 33f863966aa958383d89b319ff4b7279 55936 php optional symfony_3.4.22+dfsg-2+deb10u3.debian.tar.xz c869ac3aeb393b4d8c5bf6855c2c10f2 29871 php optional symfony_3.4.22+dfsg-2+deb10u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE----- iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVg2dRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp YW4ub3JnAAoJENmtFLlRO1Hk4w0QAI3YXoMO7X/C+R5lxD3HNmcVab25TnqDg5Tj zxZG6TTLM/3m5ymgmSjfMUlD6Eml4rLN8u15vgYBANZYREoygmZ1r+oTYe9QpkPq j5j4/pYnPGFW77HpHZvpp4NjqGCdqPMoXcHF4zczOxbO6Hc6u5Y214ZpbSo4hUSE zjGpWg5P8cARhDn9kR3Ien84i7uxrdURRA5+miEshYO4FqbeClC0r5rk/4R6IvJd vdKEaPX2JwhhY60mOT1c47w2rAPblfpJu9yk8wdyLfg0EBysgeUXcXpT3p+6gsZg kxDa6KNAZXWlK2BvmmXJCQyLo+likcVEKylPhyMQz6nvB4h7CU2VY/CTtdbA+PJf wmEeDET3k8lfyuxXlrAyOt/jOQ8wYu1puci0dSMQaN4Od6XhvtDW0xIHrY+hbTRY jpxvTGa5MJdhGkcNoKVX5uoWOLIUUNvtRlKnuksdEwBNYa5K9VDE9qGc+1M42d7o n4azeSfNvIOWm9lqUc+ejGjRtoMT5YRnPXQ+ReihhETCOP3KTe16NeI6R6U6qNMe GkVH0A61SZP9/L8RHgGIZCoW30T6VTP58IDA8HwnJmjdM6tIenZ5p4jLDHJ9cjWo HNnOmx7xAcbltE7cKIhIwynEqazwWx0DOdHdL2iR+9eUYl1JPtWWJ3wiZIiIEIRf zO82NReV =NNPl -----END PGP SIGNATURE-----