Bug#1055986: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1

To: David Prévot <taffit@debian.org>, 1055986@bugs.debian.org
Subject: Bug#1055986: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Wed, 29 Nov 2023 22:06:12 +0000
Message-id: <[🔎] 2f510c6be008308b82adf8ebc2826f8e117bb67d.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1055986@bugs.debian.org
In-reply-to: <[🔎] ZVS_WkAT07J2v6Nw@persil.tilapin.org>
References: <[🔎] ZVS_WkAT07J2v6Nw@persil.tilapin.org> <[🔎] ZVS_WkAT07J2v6Nw@persil.tilapin.org>

Control: tags -1 + confirmed

On Wed, 2023-11-15 at 13:53 +0100, David Prévot wrote:
> I’d like to fix the following two security issues in the next point
> release, as advised by the security team (they do not intend to issue
> a
> DSA for that).
> 
> [TwigBridge] Ensure CodeExtension's filters properly escape their
> input
> [CVE-2023-46734] (Closes: #1055774)
> [Security] Fix possible session fixation when only the *token*
> changes
> [CVE-2023-46733] (Closes: #1055775)

Please go ahead.

Regards,

Adam

Reply to:

References:
- Bug#1055986: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1
  - From: David Prévot <taffit@debian.org>

Prev by Date: Processed: Re: Bug#1056164: bookworm-pu: package libervia-backend/0.9.0~hg3993-4+deb12u1
Next by Date: Processed: Re: Bug#1055986: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1
Previous by thread: Processed: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1
Next by thread: Processed: Re: Bug#1055986: bookworm-pu: package symfony/5.4.23+dfsg-1+deb12u1
Index(es):
- Date
- Thread