Debian alert DSA-6317-1 (symfony)
| From: | Moritz Muehlenhoff <jmm@debian.org> | |
| To: | debian-security-announce@lists.debian.org | |
| Subject: | [SECURITY] [DSA 6317-1] symfony security update | |
| Date: | Mon, 01 Jun 2026 18:04:35 +0000 | |
| Message-ID: | <ah3Js_av8KwSAv8A@seger.debian.org> |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6317-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff June 01, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : symfony CVE ID : CVE-2024-50340 CVE-2026-45063 CVE-2026-45065 CVE-2026-45067 CVE-2026-45068 CVE-2026-45071 CVE-2026-45073 CVE-2026-45077 CVE-2026-45133 CVE-2026-45304 CVE-2026-45305 CVE-2026-46626 CVE-2026-48489 CVE-2026-48736 CVE-2026-48784 Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to a bypass of security controls, cross-site scripting, denial of service, SQL injection, email header injection, information disclosure or code execution via PHP object deserialization. For the oldstable distribution (bookworm), these problems have been fixed in version 5.4.53+dfsg-0+deb12u1. We recommend that you upgrade your symfony packages. For the detailed security status of symfony please refer to its security tracker page at: https://security-tracker.debian.org/tracker/symfony Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmodyXUACgkQEMKTtsN8 TjaFOA/7BtlAdL2GFoYTDLcQjOka+yBkExXz6ZLjcd5xLQ6yN5tDCB4wLnrHM5Sb JEL7vzpVcX/awCwEqdPiXAd4LdvvSDa8J7q+Oha+52sN6bTYfFkBAOjY+IsiaKwR TqNIiGQiisQMOKBBcFFcs2z8wv6P9sFtEy31pg7v5THtd2rWcne4ZPANqgofCLgy lZwyWOn4CJALZDu4Oje0y7be8OzYyrD4DreHNubQqMxzIyotWoX34qfWwoMCkxKF Q8Mt6PKd/7xouaUVTrWaHmT7zNIBds5JmTaTE9JcBryQHHVTBkqlIIaKYmbdne+H 8Fjk9XFLsbh10rNa1v5yevYaAyEmXEc6Qko86Vix8hiFWK9R22ak/P8Eb9mKAX0B yWLakeUsGMaRgc77g3MJHWsSkY0D8cMFoZptdfi4aSVpVFU9xDVF51ea7442PYdU LkGLFFmMUhURq+WG2HNSxInoJ43OLUvfBib1f/XaPUkKqQPRNmP0ibZl5CTbcPqe CWURU5fzVzcTu+v0aR5UlB1rc3DxSwYpcjoZkUtARd4DuIm98I6eJQhQU3Znjv1K aefK/js9rzt9vFy8EmKWAUL0ywFmumql86QJ81tIbC6WA0sJ+xtxb31/pZVcXuwe qfatLeliNtXKql/lYugYOQjGotbLShf8QcgsgEIpMoX5mDsSfeE= =eyuo -----END PGP SIGNATURE-----