[SECURITY] [DSA 6312-1] symfony security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6312-1] symfony security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Sun, 31 May 2026 12:26:40 +0000
Message-id: <[🔎] ahwpANDNJyh2p0nM@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6312-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 31, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : symfony
CVE ID         : CVE-2024-50340 CVE-2026-45063 CVE-2026-45064 CVE-2026-45065 
                 CVE-2026-45066 CVE-2026-45067 CVE-2026-45068 CVE-2026-45069 
                 CVE-2026-45071 CVE-2026-45072 CVE-2026-45073 CVE-2026-45077 
                 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-45754 
                 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-48760 
                 CVE-2026-48761 CVE-2026-48784

Multiple vulnerabilities have been found in the Symfony PHP framework 
which could lead to a bypass of security controls, cross-site scripting,
denial of service, SQL injection, email header injection, information
disclosure or code execution via PHP object deserialization.

For the stable distribution (trixie), these problems have been fixed in
version 6.4.41+dfsg-0+deb13u1.

We recommend that you upgrade your symfony packages.

For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmocKNYACgkQEMKTtsN8
TjYwpg/8C5WIdlNPXu8U2ecYQqTw0UPkZw2/tmj2icQED6/Qgmk3RtrTGuPMxkrw
qF+wLAGKmQW+XFzFf1EjIj0Zdi+OcCGhY/trpiTjC0Oh1IyA1D8JvkTCUyYn5at/
INZFPm9/Vpfgs1fVU1dBEhpxFIemq0mU2qTCu4JO8I1wQkRInorlrOkj37eytaWe
tn963PdBr1j/R281itsdaU+aZ4VbJCMHH+wTYllUteipD47nqkXIJd5W/4/E3Mk4
QyWc8KhZkawqoW707Sm17PZY9D3CFwL1xrZ01LEpifQfzIpXua9xs67BfX1wBwvL
KQojyeM0kiJZFRGF5P+WLGWQ3Z23w51cqUEIzS7ckgwTaTyU086lSKWfzXQXKYCd
jRKdwqQtHzkxhNifektDViWBOJEkaLJL/X7LpnmMamS+brHgaWvHGZa/aLa6c47C
LoKAovtZDa1O32xLzukpUMUhQXj+2Rdg7HnGMFdeuE+cj3w9HwHW4Q9/dys3bgQk
EsYlhv6A2lmnxFg1juGoULQckE7HMSWOdo+EauOFxSOpdDaL+PnTas0Az/A7uUA1
yjgOxqppRuJdyH/c78Txf/Tw9p/1t0eGnl2V4g4hEXKTi6hYbgAcx8Ze7RIe0tNa
CUUFRH1eG1NpY2AZZHu7X03TFr2pWtlCL2lflEj4Uwc+carjz8o=
=iozi
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6311-1] php-twig security update
Next by Date: [SECURITY] [DSA 6313-1] dovecot security update
Previous by thread: [SECURITY] [DSA 6311-1] php-twig security update
Next by thread: [SECURITY] [DSA 6313-1] dovecot security update
Index(es):
- Date
- Thread