Information on source package symfony

Available versions

ReleaseVersion
jessie (security)2.3.21+dfsg-4+deb8u3
stretch (security)2.8.7+dfsg-1.3+deb9u1
buster3.4.20+dfsg-1
sid3.4.20+dfsg-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-19790vulnerablevulnerablefixedfixedAn open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...
CVE-2018-19789vulnerablevulnerablefixedfixedAn issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before ...
CVE-2018-14774fixedvulnerable (no DSA)fixedfixedAn issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...
CVE-2018-14773vulnerablevulnerable (no DSA)fixedfixedAn issue was discovered in Http Foundation in Symfony 2.7.0 through ...
CVE-2018-11408vulnerablefixedfixedfixedThe security handlers in the Security component in Symfony in 2.7.x ...
CVE-2018-11385vulnerablefixedfixedfixedAn issue was discovered in the Security component in Symfony 2.7.x ...
CVE-2017-16654vulnerablefixedfixedfixedAn issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...
CVE-2017-16652vulnerablefixedfixedfixedAn issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before ...

Open unimportant issues

BugjessiestretchbustersidDescription
CVE-2018-12040vulnerablevulnerablefixedfixed** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in ...
CVE-2017-18343vulnerablevulnerablefixedfixed** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x ...

Resolved issues

BugDescription
CVE-2018-11407An issue was discovered in the Ldap component in Symfony 2.8.x before ...
CVE-2018-11406An issue was discovered in the Security component in Symfony 2.7.x ...
CVE-2018-11386An issue was discovered in the HttpFoundation component in Symfony ...
CVE-2017-16790An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...
CVE-2017-16653An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, ...
CVE-2017-11365Empty passwords validation issue
CVE-2016-4423The attemptAuthentication function in ...
CVE-2016-2403Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to ...
CVE-2016-1902The nextBytes function in the SecureRandom class in Symfony before ...
CVE-2015-8125Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before ...
CVE-2015-8124Session fixation vulnerability in the "Remember Me" login feature in ...
CVE-2015-4050FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...
CVE-2015-2309Unsafe methods in the Request class
CVE-2015-2308Eval injection vulnerability in the HttpCache class in HttpKernel in ...
CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework ...
CVE-2007-2383The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...

Security announcements

DSA / DLADescription
DSA-4262-1symfony - security update
DSA-3588-1symfony - security update
DSA-3402-1symfony - security update
DSA-3276-1symfony - security update

Search for package or bug name: Reporting problems