[SECURITY] [DSA 6317-1] symfony security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 6317-1] symfony security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Mon, 1 Jun 2026 18:04:35 +0000
Message-id: <[🔎] ah3Js_av8KwSAv8A@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6317-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
June 01, 2026                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : symfony
CVE ID         : CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067 
                 CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 
                 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 
                 CVE-2026-48489 CVE-2026-48736 CVE-2026-48784

Multiple vulnerabilities have been found in the Symfony PHP framework 
which could lead to a bypass of security controls, cross-site scripting,
denial of service, SQL injection, email header injection, information
disclosure or code execution via PHP object deserialization.

For the oldstable distribution (bookworm), these problems have been fixed
in version 5.4.53+dfsg-0+deb12u1.

We recommend that you upgrade your symfony packages.

For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmodyXUACgkQEMKTtsN8
TjaFOA/7BtlAdL2GFoYTDLcQjOka+yBkExXz6ZLjcd5xLQ6yN5tDCB4wLnrHM5Sb
JEL7vzpVcX/awCwEqdPiXAd4LdvvSDa8J7q+Oha+52sN6bTYfFkBAOjY+IsiaKwR
TqNIiGQiisQMOKBBcFFcs2z8wv6P9sFtEy31pg7v5THtd2rWcne4ZPANqgofCLgy
lZwyWOn4CJALZDu4Oje0y7be8OzYyrD4DreHNubQqMxzIyotWoX34qfWwoMCkxKF
Q8Mt6PKd/7xouaUVTrWaHmT7zNIBds5JmTaTE9JcBryQHHVTBkqlIIaKYmbdne+H
8Fjk9XFLsbh10rNa1v5yevYaAyEmXEc6Qko86Vix8hiFWK9R22ak/P8Eb9mKAX0B
yWLakeUsGMaRgc77g3MJHWsSkY0D8cMFoZptdfi4aSVpVFU9xDVF51ea7442PYdU
LkGLFFmMUhURq+WG2HNSxInoJ43OLUvfBib1f/XaPUkKqQPRNmP0ibZl5CTbcPqe
CWURU5fzVzcTu+v0aR5UlB1rc3DxSwYpcjoZkUtARd4DuIm98I6eJQhQU3Znjv1K
aefK/js9rzt9vFy8EmKWAUL0ywFmumql86QJ81tIbC6WA0sJ+xtxb31/pZVcXuwe
qfatLeliNtXKql/lYugYOQjGotbLShf8QcgsgEIpMoX5mDsSfeE=
=eyuo
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 6316-1] chromium security update
Next by Date: [SECURITY] [DSA 6318-1] gst-plugins-good1.0 security update
Previous by thread: [SECURITY] [DSA 6316-1] chromium security update
Next by thread: [SECURITY] [DSA 6318-1] gst-plugins-good1.0 security update
Index(es):
- Date
- Thread