-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5813-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 15, 2024                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : symfony
CVE ID         : CVE-2024-51996

Moritz Rauch discovered that the Symfony PHP framework implemented
persisted remember-me cookies incorrectly, which could result in
authentication bypass.

For the stable distribution (bookworm), this problem has been fixed in
version 5.4.23+dfsg-1+deb12u4.

We recommend that you upgrade your symfony packages.

For the detailed security status of symfony please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/symfony

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmc3hfcACgkQEMKTtsN8
TjZZqQ//UwZZ1H2r1s4Dn/wxuq7Wx2Gn9x4Mn2ZeRcmLWf8AEQlOTEUo7GyR539Y
WqvbTpPiik9kIHF6qOaH9ANSWs0Up/8a3NTueHwrLqOsa1YLm4mMGgAlzO12idwS
8+nZLUs16mtlOSKzSdqPxymeVu58QEoKx336pAwkG6ntYnfjo85G/gfrp17UGiKY
fcjY7xIMoEC+/LhcLleExtxe7roFfMDtagBxuwJ88/ZdYG0ge7DOfrOvH5Eay3/g
2sDo1gxB8texfosV+kFzPIZd7reJMZRuIY4rqvJ31uu85R4yXQSa8mPbm8jFBVsK
wyqzuqhKgBlJC3bIoZ6HyoO7bqRqOysr697CrS+jgQ2bqNxEQYwj9Hy3EWezwElT
4YxJsFyoq2TpNf2wzAa6WTh2ucA7mAu3KxuddykGjtiPHNU8JwONS2nw1KfGwgrq
vz4J9bZZoWaWBQF1RyMA2nFDyc5P13R8LbvLE8eI9uoF/AkHT3AI1Ve7FpmIbqvr
PlnpPUTFFn/I+QxrhttRYkZ8KSI48Xrq7XhfpDmirQOhMOeRM+bAo96l9J9xksBl
e3rP8laI6fUNbDp0C/HSbAYCOvpGt65rPdzlbP8Qg3JcdcBpSyDhxHI7D6Cf6oqq
fAHHnjY8ag6ASvoLISu+xshJe1uY48AcbBx8ORaknxJ5bIYi7Zw=
=ywf6
-----END PGP SIGNATURE-----