-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-5813-1
security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff November 15, 2024
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : symfony
CVE ID : CVE-2024-51996
Moritz Rauch discovered that the Symfony PHP framework implemented
persisted remember-me cookies incorrectly, which could result in
authentication bypass.
For the stable distribution (bookworm), this problem has been fixed in
version 5.4.23+dfsg-1+deb12u4.
We recommend that you upgrade your symfony packages.
For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmc3hfcACgkQEMKTtsN8 TjZZqQ//UwZZ1H2r1s4Dn/wxuq7Wx2Gn9x4Mn2ZeRcmLWf8AEQlOTEUo7GyR539Y WqvbTpPiik9kIHF6qOaH9ANSWs0Up/8a3NTueHwrLqOsa1YLm4mMGgAlzO12idwS 8+nZLUs16mtlOSKzSdqPxymeVu58QEoKx336pAwkG6ntYnfjo85G/gfrp17UGiKY fcjY7xIMoEC+/LhcLleExtxe7roFfMDtagBxuwJ88/ZdYG0ge7DOfrOvH5Eay3/g 2sDo1gxB8texfosV+kFzPIZd7reJMZRuIY4rqvJ31uu85R4yXQSa8mPbm8jFBVsK wyqzuqhKgBlJC3bIoZ6HyoO7bqRqOysr697CrS+jgQ2bqNxEQYwj9Hy3EWezwElT 4YxJsFyoq2TpNf2wzAa6WTh2ucA7mAu3KxuddykGjtiPHNU8JwONS2nw1KfGwgrq vz4J9bZZoWaWBQF1RyMA2nFDyc5P13R8LbvLE8eI9uoF/AkHT3AI1Ve7FpmIbqvr PlnpPUTFFn/I+QxrhttRYkZ8KSI48Xrq7XhfpDmirQOhMOeRM+bAo96l9J9xksBl e3rP8laI6fUNbDp0C/HSbAYCOvpGt65rPdzlbP8Qg3JcdcBpSyDhxHI7D6Cf6oqq fAHHnjY8ag6ASvoLISu+xshJe1uY48AcbBx8ORaknxJ5bIYi7Zw=
=ywf6
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)