
A symfony security update has been released for Debian GNU/Linux 9 Extended LTS to address a potential XSS vulnerability.



ELA-1009-1 symfony security update

Package : symfony
Version : 2.8.7+dfsg-1.3+deb9u5 (stretch)

Related CVEs :
CVE-2023-46734

Pierre Rudloff discovered a potential XSS vulnerability in Symfony, a PHP
framework. Some Twig filters in CodeExtension use is_safe=html but do not
actually ensure their input is safe. Symfony now escapes the output of the
affected filters.
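
The pattern described above, as an added illustration that is not taken from the advisory or from Symfony's code. It assumes twig/twig (2.x or 3.x) is installed with Composer; the filter names `wrap_unsafe` and `wrap_escaped`, their functions and the sample input are hypothetical.

```php
<?php
// Added example, not Symfony's CodeExtension. Assumes twig/twig via Composer.
require __DIR__ . '/vendor/autoload.php';

use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

// Hypothetical filter body: builds markup around its input without escaping it.
function wrapUnsafe(string $class): string
{
    return sprintf('<abbr title="%s">%s</abbr>', $class, $class);
}

// Same markup, but the input is escaped before it is placed in the HTML.
function wrapEscaped(string $class): string
{
    $safe = htmlspecialchars($class, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return sprintf('<abbr title="%s">%s</abbr>', $safe, $safe);
}

$twig = new Environment(
    new ArrayLoader([
        'plain'   => '{{ value }}',
        'unsafe'  => '{{ value|wrap_unsafe }}',
        'escaped' => '{{ value|wrap_escaped }}',
    ]),
    ['autoescape' => 'html']
);

// is_safe => ['html'] tells the autoescaper to leave the filter's output alone,
// so the filter itself becomes the only place where escaping can happen.
$twig->addFilter(new TwigFilter('wrap_unsafe', 'wrapUnsafe', ['is_safe' => ['html']]));
$twig->addFilter(new TwigFilter('wrap_escaped', 'wrapEscaped', ['is_safe' => ['html']]));

// Constructed sample input standing in for attacker-influenced data.
$value = '<script>alert(1)</script>';

// 'plain' is autoescaped; 'unsafe' passes the markup through untouched;
// 'escaped' emits the filter's own tags with the input encoded.
foreach (['plain', 'unsafe', 'escaped'] as $name) {
    printf("%-8s %s\n", $name, $twig->render($name, ['value' => $value]));
}
```

When auditing custom Twig extensions, every filter or function registered with `is_safe` containing `html` needs the same check: each piece of input that reaches the returned string must be escaped inside the callable.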
