Bug#1000645: bullseye-pu: package symfony/4.4.19+dfsg-2+deb11u1
Control: tags -1 + confirmed
On Fri, 2021-11-26 at 07:40 -0400, David Prévot wrote:
> * Prevent CSV injection via formulas [CVE-2021-41270]
>
> [ Reason ]
> The security issue was introduced in 4.1 (buster shipped with
> 3.4). The security team decided it doesn’t warrant a DSA.
>
> [ Impact ]
> It makes applications depending on php-symfony-serializer vulnerable
> to
> CSV injection.
>
+symfony (4.4.19+dfsg-2+deb11u1) stable; urgency=medium
We generally prefer using codenames (so "bullseye") as the
distribution, as it's more self-documenting over time (and doesn't have
unexpected side-effects if an update is uploaded and accepted on
opposite sides of a release occurring).
Please go ahead.
Regards,
Adam
Reply to: