[SECURITY] [DSA 5813-1] symfony security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5813-1 security@debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
November 15, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : symfony
CVE ID : CVE-2024-51996
Moritz Rauch discovered that the Symfony PHP framework implemented
persisted remember-me cookies incorrectly, which could result in
authentication bypass.
For the stable distribution (bookworm), this problem has been fixed in
version 5.4.23+dfsg-1+deb12u4.
We recommend that you upgrade your symfony packages.
For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmc3hfcACgkQEMKTtsN8
TjZZqQ//UwZZ1H2r1s4Dn/wxuq7Wx2Gn9x4Mn2ZeRcmLWf8AEQlOTEUo7GyR539Y
WqvbTpPiik9kIHF6qOaH9ANSWs0Up/8a3NTueHwrLqOsa1YLm4mMGgAlzO12idwS
8+nZLUs16mtlOSKzSdqPxymeVu58QEoKx336pAwkG6ntYnfjo85G/gfrp17UGiKY
fcjY7xIMoEC+/LhcLleExtxe7roFfMDtagBxuwJ88/ZdYG0ge7DOfrOvH5Eay3/g
2sDo1gxB8texfosV+kFzPIZd7reJMZRuIY4rqvJ31uu85R4yXQSa8mPbm8jFBVsK
wyqzuqhKgBlJC3bIoZ6HyoO7bqRqOysr697CrS+jgQ2bqNxEQYwj9Hy3EWezwElT
4YxJsFyoq2TpNf2wzAa6WTh2ucA7mAu3KxuddykGjtiPHNU8JwONS2nw1KfGwgrq
vz4J9bZZoWaWBQF1RyMA2nFDyc5P13R8LbvLE8eI9uoF/AkHT3AI1Ve7FpmIbqvr
PlnpPUTFFn/I+QxrhttRYkZ8KSI48Xrq7XhfpDmirQOhMOeRM+bAo96l9J9xksBl
e3rP8laI6fUNbDp0C/HSbAYCOvpGt65rPdzlbP8Qg3JcdcBpSyDhxHI7D6Cf6oqq
fAHHnjY8ag6ASvoLISu+xshJe1uY48AcbBx8ORaknxJ5bIYi7Zw=
=ywf6
-----END PGP SIGNATURE-----
Reply to: