1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4573-1] symfony security update

    From Moritz Muehlenhoff@1:229/2 to All on Mon Nov 18 23:20:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4573-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff November 18, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : symfony
    CVE ID : CVE-2019-18887 CVE-2019-18888 CVE-2019-18889

    Multiple vulnerabilities have been found in the Symfony PHP framework
    which could lead to a timing attack/information leak, argument injection
    and code execution via unserialization.

    For the oldstable distribution (stretch), these problems have been fixed
    in version 2.8.7+dfsg-1.3+deb9u3.

    For the stable distribution (buster), these problems have been fixed in
    version 3.4.22+dfsg-2+deb10u1.

    We recommend that you upgrade your symfony packages.

    For the detailed security status of symfony please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/symfony

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3TFFQACgkQEMKTtsN8 TjbEshAAh2IMq7UliNw+lXUEvxZ6Me3f29jdI9qco8nwoEXcVI99NK9wbJQnHG3j 0r8d4DsonNxTrTcCfEH8u24QZwWBiJmsuPIcIq7oiYyaN34W+Q/Wh+Xx+GwLN9ij bWIdGiFi786MJIyLTLipXUCHNfqi4XDXY76WJqVhCSZru39tff5ah9KMeLB/5VuZ x2pfAdRAom4zxMiNwYlR2qELDTAbEUvtAIuQH4HGtZeApVDYRsyaa0l6f0nSeo7U nuRCUG9syoFxgmz6x3+OkTCMZ83tCxcB7s1NA9jNk3+NhA+RkHkhFKRkCJAHTJzV 8EngG9HxNJZydPMXilzzWTqofAxpHHVmshrixukIof5Vjskxbx7DeWc6YruE+DBV 5/8iSZkO2pjGJUYNMiZAfZoppjAWSG7e1Hn3dNZTREFnWL3BwOzZz5fxynS96o5u Y1VBnFwBKt/QT5FybvXVznvupfAZDow5ss9XcKwax40odFtVTK1jeQVu9em65dlB 9erPpVsTxT+l36Zlmd9ia7WRCp0Pmx+B+dLa6jmr6aQrbB2ZoelFMBiDeLEgd2Mj EUmmatF8pE0v5O8+7yJG/MEB2DkQt0L+k0Vru8AG7Iy03TPlhKK9V0Zh9wiAHfYi dBwhJ1oeJUOWlHTTe2Mm3Qr8cpoePvWVPdNfC5N3cpRHu8gTcVc=
    =Rzxs
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)