-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 13 Nov 2019 09:10:15 -1000 Source: symfony Architecture: source Version: 3.4.22+dfsg-2+deb10u1 Distribution: buster-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org> Changed-By: David Prévot <taffit@debian.org> Closes: 930003 Changes: symfony (3.4.22+dfsg-2+deb10u1) buster-security; urgency=medium . * Drop failing tests with recent PHP (Closes: #930003) * Backport security fixes from 3.4.35 - [HttpKernel] Use constant time comparison in UriSigner [CVE-2019-18887] - [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances [CVE-2019-18889] - [HttpFoundation] fix guessing mime-types of files with leading dash [CVE-2019-18888] Checksums-Sha1: a7a10a05d37962484209fcfce37205421273e665 6581 symfony_3.4.22+dfsg-2+deb10u1.dsc 6fcd5fc682fc672da545ab986b120c7d9c0a09f2 3095232 symfony_3.4.22+dfsg.orig.tar.xz d51f7e5f7db16519b53d7490501806503a63bb01 50348 symfony_3.4.22+dfsg-2+deb10u1.debian.tar.xz 4f9723cba3de31cf4c2fe3f9bf9f9953828d2dd2 28742 symfony_3.4.22+dfsg-2+deb10u1_amd64.buildinfo Checksums-Sha256: 14eb173bbc3c2753ee1e11511cf29e189cead836ba67975a11791b946d280195 6581 symfony_3.4.22+dfsg-2+deb10u1.dsc 5b1fc7f05c46622ebe96d0dcb05da8174d747fd24b1053df57904ae4c71b4199 3095232 symfony_3.4.22+dfsg.orig.tar.xz 6685fb0749105abcafc68e8920830f24683487ec21cec6cf4a2776e8b03501b6 50348 symfony_3.4.22+dfsg-2+deb10u1.debian.tar.xz 95a3617295c391de6d1ca93c739dbd5a2bd12084f29fea5ff418487c178789d4 28742 symfony_3.4.22+dfsg-2+deb10u1_amd64.buildinfo Files: 39b8dd1e1cd91b959d01422843c8f809 6581 php optional symfony_3.4.22+dfsg-2+deb10u1.dsc 0fa46cfc2b4cb7c736f1ddbf371b2eeb 3095232 php optional symfony_3.4.22+dfsg.orig.tar.xz ee86d88cf1c89fb5d672ce4c5d8bf786 50348 php optional symfony_3.4.22+dfsg-2+deb10u1.debian.tar.xz 542f3e9e4207fb131975f039f1106c32 28742 php optional symfony_3.4.22+dfsg-2+deb10u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQFGBAEBCAAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAl3QijgSHHRhZmZpdEBk ZWJpYW4ub3JnAAoJEAWMHPlE9r08t6IIAKBavQlrM0vGauYf1rnv214KiAOkAZPN IijclvOhoL9mXkBpW2owPjuFDWihIilPt3zIdMG5owkPIdpeeLPuFEslkI49xqUa xG6kUEPQiObtRErJLYru6nwBwQfRtUeUCT9CvOIDk2UawIfNPm4xwEXOBKG8pywH VnGiAEguvNnC/TSqIHURp0P9DrfKzpjMNoeIj/lAFsc3DyZ9K60ISHmkZlNfegiW A7Mf+6Z0fTGwG0ym8dS2ttRDyobCzfUpFfGqdu1LDulyAmnB2XZUlb5cf+YklK+m 6Dy0LP9RNms5Yx8zfyFHQX+s3i/rT3teV75E8rlbeIWvTy3J7dF/TJ0= =hS5x -----END PGP SIGNATURE-----