Bug#1055988: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u4

2023-12-19 Thread Jonathan Wiltshire
Control: tag -1 confirmed

On Wed, Nov 15, 2023 at 02:04:50PM +0100, David Prévot wrote:
> As per #1055986 for Bookworm, I’d like to fix the following security
> issue in the next point release, as advised by the security team (they
> do not intend to issue a DSA for that).
> 
> [TwigBridge] Ensure CodeExtension's filters properly escape their input
> [CVE-2023-46734] (Closes: #1055774)
> 
> It also fixes the testsuite using a patch prepared a while ago.
> 
> [Mime] regenerate test certificates (Closes: #1034854)

Please go ahead.

Thanks,

-- 
Jonathan Wiltshire  j...@debian.org
Debian Developer http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51
ed25519/0x196418AAEB74C8A1: CA619D65A72A7BADFC96D280196418AAEB74C8A1



Bug#1055988: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u4

2023-11-15 Thread David Prévot
Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian@packages.debian.org
Usertags: pu
X-Debbugs-Cc: symf...@packages.debian.org, Debian PHP PEAR Maintainers 

Control: affects -1 + src:symfony

Hi,

As per #1055986 for Bookworm, I’d like to fix the following security
issue in the next point release, as advised by the security team (they
do not intend to issue a DSA for that).

[TwigBridge] Ensure CodeExtension's filters properly escape their input
[CVE-2023-46734] (Closes: #1055774)

It also fixes the testsuite using a patch prepared a while ago.

[Mime] regenerate test certificates (Closes: #1034854)

I didn’t test the packages thoroughly (and I’m not sure I’ll have much
time for a while), but at least the testsuites pass.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Thanks in advance,

taffit
diff -Nru symfony-4.4.19+dfsg/debian/changelog symfony-4.4.19+dfsg/debian/changelog
--- symfony-4.4.19+dfsg/debian/changelog	2023-02-27 23:05:34.0 +0100
+++ symfony-4.4.19+dfsg/debian/changelog	2023-11-11 19:09:20.0 +0100
@@ -1,3 +1,12 @@
+symfony (4.4.19+dfsg-2+deb11u4) bullseye; urgency=medium
+
+  * [Mime] regenerate test certificates (Closes: #1034854)
+  * Backport security fix from Symfony 4.4.51
+- [TwigBridge] Ensure CodeExtension's filters properly escape their input
+  [CVE-2023-46734] (Closes: #1055774)
+
+ -- David Prévot   Sat, 11 Nov 2023 19:09:20 +0100
+
 symfony (4.4.19+dfsg-2+deb11u3) bullseye; urgency=medium
 
   * Drop dependency bump.
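Review bot: The "Backport security fix from Symfony 4.4.51" item in the new 4.4.19+dfsg-2+deb11u4 entry gives the CVE id and the closed bug but neither the upstream commit nor the name of the file under debian/patches that carries the fix, so the changelog alone does not tie CVE-2023-46734 to a reviewable change. Suggest naming the patch file in that sub-item, and stating on the "[Mime] regenerate test certificates" item that it touches test data only (every file in its diffstat is under src/Symfony/Component/Mime/Tests/_data/), since the request reports that verification was limited to the testsuites passing.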
diff -Nru symfony-4.4.19+dfsg/debian/patches/Mime-regenerate-test-certificates.patch symfony-4.4.19+dfsg/debian/patches/Mime-regenerate-test-certificates.patch
--- symfony-4.4.19+dfsg/debian/patches/Mime-regenerate-test-certificates.patch	1970-01-01 01:00:00.0 +0100
+++ symfony-4.4.19+dfsg/debian/patches/Mime-regenerate-test-certificates.patch	2023-11-11 19:09:20.0 +0100
@@ -0,0 +1,801 @@
+From: Nicolas Grekas 
+Date: Wed, 19 Apr 2023 11:49:13 +0200
+Subject: [Mime] regenerate test certificates
+
+Origin: upstream, http://github.com/symfony/symfony/commit/0e5e8754fd793b71202ac8554916b55410d4d08f
+Bug-Debian: https://bugs.debian.org/1034854
+---
+ src/Symfony/Component/Mime/Tests/_data/ca.crt  | 36 +++--
+ src/Symfony/Component/Mime/Tests/_data/ca.key  | 55 ++--
+ .../Component/Mime/Tests/_data/create-cert.sh  | 14 ++---
+ src/Symfony/Component/Mime/Tests/_data/encrypt.crt | 34 ++--
+ src/Symfony/Component/Mime/Tests/_data/encrypt.key | 55 ++--
+ .../Component/Mime/Tests/_data/encrypt2.crt| 34 ++--
+ .../Component/Mime/Tests/_data/encrypt2.key| 55 ++--
+ .../Component/Mime/Tests/_data/intermediate.crt| 32 ++--
+ .../Component/Mime/Tests/_data/intermediate.key| 55 ++--
+ src/Symfony/Component/Mime/Tests/_data/sign.crt| 36 ++---
+ src/Symfony/Component/Mime/Tests/_data/sign.key| 55 ++--
+ src/Symfony/Component/Mime/Tests/_data/sign2.crt   | 32 ++--
+ src/Symfony/Component/Mime/Tests/_data/sign2.key   | 55 ++--
+ src/Symfony/Component/Mime/Tests/_data/sign3.crt   | 34 ++--
+ src/Symfony/Component/Mime/Tests/_data/sign3.key   | 60 +++---
+ 15 files changed, 325 insertions(+), 317 deletions(-)
+
+diff --git a/src/Symfony/Component/Mime/Tests/_data/ca.crt b/src/Symfony/Component/Mime/Tests/_data/ca.crt
+index bca02b3..0418947 100644
+--- a/src/Symfony/Component/Mime/Tests/_data/ca.crt
 b/src/Symfony/Component/Mime/Tests/_data/ca.crt
+@@ -1,19 +1,21 @@