-------------------------------------------------------------------------
Debian LTS Advisory DLA-3664-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                     Markus Koschany
November 24, 2023                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : symfony
Version        : 3.4.22+dfsg-2+deb10u3
CVE ID         : CVE-2023-46734
Debian Bug     : 1055774

Pierre Rudloff discovered a potential XSS vulnerability in Symfony, a PHP
framework. Some Twig filters in CodeExtension use `is_safe=html` but do
not actually ensure their input is safe. Symfony now escapes the output
of the affected filters.

For Debian 10 buster, this problem has been fixed in version
3.4.22+dfsg-2+deb10u3.

We recommend that you upgrade your symfony packages.

For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
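The pattern the advisory describes, as an added illustration that is not Symfony's or Debian's own code: a Twig filter declared with `is_safe => ['html']` opts its output out of Twig's autoescaping, so the filter itself must escape whatever untrusted value it embeds in markup. The filter names, the helper functions and the sample input below are constructed for this example; the registration snippet assumes the twig/twig package is installed and is skipped otherwise.

```php
<?php
// Added example, not code from Symfony's CodeExtension. Shows why a filter
// marked is_safe=html must escape its own input, and what the fix looks like.

// Vulnerable pattern (constructed): wraps a caller-supplied value in markup
// and is declared safe, but never escapes the value, so any HTML or script
// in the value is emitted verbatim into the page.
function format_value_unsafe(string $value): string
{
    return '<em>' . $value . '</em>';
}

// Hardened pattern (constructed): escape the untrusted part before wrapping
// it, so the is_safe=html declaration is actually true.
function format_value_safe(string $value): string
{
    return '<em>' . htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</em>';
}

// Registration as it would appear in a Twig extension's getFilters().
// Both filters carry is_safe=html; only the second one has earned it.
$filters = [];
if (class_exists(\Twig\TwigFilter::class)) {
    $filters = [
        new \Twig\TwigFilter('format_value_unsafe', 'format_value_unsafe', ['is_safe' => ['html']]),
        new \Twig\TwigFilter('format_value_safe', 'format_value_safe', ['is_safe' => ['html']]),
    ];
}

// Constructed sample input containing markup, as a user-controlled argument
// (a file name, a function argument rendered in an error page) could.
$input = '<script>alert(1)</script>';

// The unsafe filter passes the markup through untouched; the safe one
// turns it into inert text.
assert(format_value_unsafe($input) === '<em><script>alert(1)</script></em>');
assert(format_value_safe($input) === '<em>&lt;script&gt;alert(1)&lt;/script&gt;</em>');

echo "unsafe: ", format_value_unsafe($input), "\n";
echo "safe:   ", format_value_safe($input), "\n";
```

When reviewing a Twig extension, treat every `is_safe` declaration as a claim to verify: the filter must either escape each untrusted fragment it concatenates (as above) or build its output only from literals and already-escaped values.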