Accepted symfony 3.4.22+dfsg-2+deb10u3 (source) into oldoldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 24 Nov 2023 18:03:46 CET
Source: symfony
Architecture: source
Version: 3.4.22+dfsg-2+deb10u3
Distribution: buster-security
Urgency: high
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
0bcc11fe399d4f68395eee9a664ddf231dd00d2f 7053 symfony_3.4.22+dfsg-2+deb10u3.dsc
13fea87c490a2ff72c7a2085f4c03edec984e745 55936 symfony_3.4.22+dfsg-2+deb10u3.debian.tar.xz
524592a6e767b71538862c6a9db3f2a63581b4fc 29871 symfony_3.4.22+dfsg-2+deb10u3_amd64.buildinfo
Checksums-Sha256:
26ac3cc54ac1a2cec05406a525fcc01857a551f9cbacb48adedef8d7b7429575 7053 symfony_3.4.22+dfsg-2+deb10u3.dsc
6039edf91b315f4081fcef6753e128dbb9a43db3c297811de2fb49288ec04a44 55936 symfony_3.4.22+dfsg-2+deb10u3.debian.tar.xz
ecd1c8cb7977888499d585a0125b80b237374f8200295e878ea569543094241b 29871 symfony_3.4.22+dfsg-2+deb10u3_amd64.buildinfo
Changes:
symfony (3.4.22+dfsg-2+deb10u3) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-46734:
Pierre Rudloff discovered a potential XSS vulnerability in Symfony, a PHP
framework. Some Twig filters in CodeExtension use `is_safe=html` but do not
actually ensure their input is safe. Symfony now escapes the output of the
affected filters.
Files:
51095e1dee8250bff9459ceb15c19d57 7053 php optional symfony_3.4.22+dfsg-2+deb10u3.dsc
33f863966aa958383d89b319ff4b7279 55936 php optional symfony_3.4.22+dfsg-2+deb10u3.debian.tar.xz
c869ac3aeb393b4d8c5bf6855c2c10f2 29871 php optional symfony_3.4.22+dfsg-2+deb10u3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmVg2dRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk4w0QAI3YXoMO7X/C+R5lxD3HNmcVab25TnqDg5Tj
zxZG6TTLM/3m5ymgmSjfMUlD6Eml4rLN8u15vgYBANZYREoygmZ1r+oTYe9QpkPq
j5j4/pYnPGFW77HpHZvpp4NjqGCdqPMoXcHF4zczOxbO6Hc6u5Y214ZpbSo4hUSE
zjGpWg5P8cARhDn9kR3Ien84i7uxrdURRA5+miEshYO4FqbeClC0r5rk/4R6IvJd
vdKEaPX2JwhhY60mOT1c47w2rAPblfpJu9yk8wdyLfg0EBysgeUXcXpT3p+6gsZg
kxDa6KNAZXWlK2BvmmXJCQyLo+likcVEKylPhyMQz6nvB4h7CU2VY/CTtdbA+PJf
wmEeDET3k8lfyuxXlrAyOt/jOQ8wYu1puci0dSMQaN4Od6XhvtDW0xIHrY+hbTRY
jpxvTGa5MJdhGkcNoKVX5uoWOLIUUNvtRlKnuksdEwBNYa5K9VDE9qGc+1M42d7o
n4azeSfNvIOWm9lqUc+ejGjRtoMT5YRnPXQ+ReihhETCOP3KTe16NeI6R6U6qNMe
GkVH0A61SZP9/L8RHgGIZCoW30T6VTP58IDA8HwnJmjdM6tIenZ5p4jLDHJ9cjWo
HNnOmx7xAcbltE7cKIhIwynEqazwWx0DOdHdL2iR+9eUYl1JPtWWJ3wiZIiIEIRf
zO82NReV
=NNPl
-----END PGP SIGNATURE-----
Reply to: