Package | symfony |
---|---|
Version | 2.8.7+dfsg-1.3+deb9u5 (stretch) |
Related CVEs | CVE-2023-46734 |

Pierre Rudloff discovered a potential XSS vulnerability in Symfony, a PHP framework. Some Twig filters in CodeExtension use `is_safe=html` but do not actually ensure their input is safe. Symfony now escapes the output of the affected filters.
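
The pattern described above, as an added example that is not Symfony's code: a filter registered with `is_safe` for HTML bypasses Twig's autoescaping, so it must escape its own input. The filter names `wrap_raw` and `wrap_escaped`, the templates and the sample value are hypothetical, and the namespaced Twig 3 API installed through Composer is assumed.

```php
<?php
use Twig\Environment;
use Twig\Loader\ArrayLoader;
use Twig\TwigFilter;

require __DIR__.'/vendor/autoload.php'; // assumes `composer require twig/twig`

// Hypothetical filter: wraps the value in <code> without escaping it.
function wrap_raw(string $value): string
{
    return '<code>'.$value.'</code>';
}

// Hardened variant: escapes the input itself, so the is_safe=html
// promise made at registration is actually true.
function wrap_escaped(string $value): string
{
    $escaped = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return '<code>'.$escaped.'</code>';
}

$twig = new Environment(
    new ArrayLoader([
        'before' => '{{ value|wrap_raw }}',
        'after'  => '{{ value|wrap_escaped }}',
    ]),
    ['autoescape' => 'html'] // autoescaping is on for both templates
);

// is_safe => ['html'] tells Twig to skip autoescaping for the filter's output.
$safeHtml = ['is_safe' => ['html']];
$twig->addFilter(new TwigFilter('wrap_raw', 'wrap_raw', $safeHtml));
$twig->addFilter(new TwigFilter('wrap_escaped', 'wrap_escaped', $safeHtml));

$input = '<script>alert(1)</script>'; // constructed sample value

$before = $twig->render('before', ['value' => $input]);
$after  = $twig->render('after', ['value' => $input]);

echo "is_safe without escaping: $before\n";
echo "is_safe with escaping:    $after\n";

// Regression check: markup from the input must not survive the hardened filter.
if (strpos($after, '<script') !== false) {
    throw new RuntimeException('hardened filter let raw markup through');
}
```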

For Debian 9 stretch, these problems have been fixed in version 2.8.7+dfsg-1.3+deb9u5.

We recommend that you upgrade your symfony packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.