Source: symfony Version: 5.4.30+dfsg-1 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org> Control: found -1 5.4.29+dfsg-1 Control: found -1 5.4.23+dfsg-1 Control: found -1 4.4.19+dfsg-2+deb11u3 Control: found -1 4.4.19+dfsg-2 Control: found -1 3.4.22+dfsg-2+deb10u2 Control: found -1 3.4.22+dfsg-2
Hi, The following vulnerability was published for symfony. CVE-2023-46734[0]: | Symfony is a PHP framework for web and console applications and a | set of reusable PHP components. Starting in versions 2.0.0, 5.0.0, | and 6.0.0 and prior to versions 4.4.51, 5.4.31, and 6.3.8, some Twig | filters in CodeExtension use `is_safe=html` but don't actually | ensure their input is safe. As of versions 4.4.51, 5.4.31, and | 6.3.8, Symfony now escapes the output of the affected filters. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-46734 https://www.cve.org/CVERecord?id=CVE-2023-46734 [1] https://github.com/symfony/symfony/security/advisories/GHSA-q847-2q57-wmr3 [2] https://github.com/symfony/symfony/commit/9da9a145ce57e4585031ad4bee37c497353eec7c Regards, Salvatore