Information on source package symfony

Available versions

ReleaseVersion
jessie2.3.21+dfsg-4+deb8u3
jessie (security)2.3.21+dfsg-4+deb8u5
stretch (security)2.8.7+dfsg-1.3+deb9u2
buster3.4.22+dfsg-2
bullseye3.4.22+dfsg-2
sid4.3.4+dfsg-1

Open issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-14774fixedvulnerable (no DSA)fixedfixedfixedAn issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, ...

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-12040vulnerablevulnerablefixedfixedfixed** DISPUTED ** Reflected Cross-site scripting (XSS) vulnerability in t ...
CVE-2017-18343vulnerablevulnerablefixedfixedfixed** DISPUTED ** The debug handler in Symfony before v2.7.33, 2.8.x befo ...

Resolved issues

BugDescription
CVE-2019-10913In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...
CVE-2019-10912In Symfony before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4. ...
CVE-2019-10911In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...
CVE-2019-10910In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...
CVE-2019-10909In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x ...
CVE-2018-19790An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x ...
CVE-2018-19789An issue was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2 ...
CVE-2018-14773An issue was discovered in Http Foundation in Symfony 2.7.0 through 2. ...
CVE-2018-11408The security handlers in the Security component in Symfony in 2.7.x be ...
CVE-2018-11407An issue was discovered in the Ldap component in Symfony 2.8.x before ...
CVE-2018-11406An issue was discovered in the Security component in Symfony 2.7.x bef ...
CVE-2018-11386An issue was discovered in the HttpFoundation component in Symfony 2.7 ...
CVE-2018-11385An issue was discovered in the Security component in Symfony 2.7.x bef ...
CVE-2017-16790An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...
CVE-2017-16654An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...
CVE-2017-16653An issue was discovered in Symfony before 2.7.38, 2.8.31, 3.2.14, 3.3. ...
CVE-2017-16652An issue was discovered in Symfony 2.7.x before 2.7.38, 2.8.x before 2 ...
CVE-2017-11365Certain Symfony products are affected by: Incorrect Access Control. Th ...
CVE-2016-4423The attemptAuthentication function in Component/Security/Http/Firewall ...
CVE-2016-2403Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to b ...
CVE-2016-1902The nextBytes function in the SecureRandom class in Symfony before 2.3 ...
CVE-2015-8125Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before 2.7 ...
CVE-2015-8124Session fixation vulnerability in the "Remember Me" login feature in S ...
CVE-2015-4050FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...
CVE-2015-2309Unsafe methods in the Request class
CVE-2015-2308Eval injection vulnerability in the HttpCache class in HttpKernel in S ...
CVE-2008-7220Unspecified vulnerability in Prototype JavaScript framework (prototype ...
CVE-2007-2383The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...

Security announcements

DSA / DLADescription
DSA-4441-1symfony - security update
DLA-1778-1symfony - security update
DLA-1707-1symfony - security update
DSA-4262-1symfony - security update
DSA-3588-1symfony - security update
DSA-3402-1symfony - security update
DSA-3276-1symfony - security update

Search for package or bug name: Reporting problems