
Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1



Control: tags -1 + confirmed

On Fri, 2021-11-26 at 07:40 -0400, David Prévot wrote:
>   * Prevent CSV injection via formulas [CVE-2021-41270]
> 
> [ Reason ]
> The security issue was introduced in 4.1 (buster shipped with 
> 3.4). The security team decided it doesn’t warrant a DSA.
> 
> [ Impact ]
> It makes applications depending on php-symfony-serializer vulnerable to
> CSV injection.
> 

+symfony (4.4.19+dfsg-2+deb11u1) stable; urgency=medium

We generally prefer using codenames (so "bullseye") as the
distribution, as it's more self-documenting over time (and doesn't have
unexpected side-effects if an update is uploaded and accepted on
opposite sides of a release occurring).

Please go ahead.

Regards,

Adam

