-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 28 May 2026 00:18:24 +0200
Source: symfony
Architecture: source
Version: 5.4.53+dfsg-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear@lists.alioth.debian.org>
Changed-By: David Prévot <taffit@debian.org>
Changes:
symfony (5.4.53+dfsg-0+deb12u1) bookworm-security; urgency=medium
.
[ Fabien Potencier ]
* Update VERSION for 5.4.53
.
[ Nicolas Grekas ]
* [MonologBridge] Bind server:log to localhost by default [CVE-2026-45077]
* [Yaml] Bound recursion depth in the parser [CVE-2026-45133]
* [Cache] Validate the prefix given to AbstractAdapter::clear()
[CVE-2026-45073]
* [Yaml] Bound collection-alias resolution in the parser [CVE-2026-45304]
* [Yaml] Harden the Parser::cleanup() regexes against catastrophic
backtracking [CVE-2026-45305]
* [Runtime] Fix CVE-2024-50340 patch bypass by gating argv on
$_SERVER['QUERY_STRING'] [CVE-2026-46626]
* [HttpClient] Block IPv6 transition forms in NoPrivateNetworkHttpClient
[CVE-2026-48736]
* [Routing] Fix dot-segment encoding for chained "../" and "./" in generated
URLs [CVE-2026-48784]
* [Security] Don't honor user-supplied _failure_path on failure_forward
[CVE-2026-48489]
.
[ Alexandre Daubois ]
* [Routing] Fix regex alternation anchoring in UrlGenerator requirement
validation [CVE-2026-45065]
* [DomCrawler] Fix XXE in addXmlContent() by not enabling `validateOnParse`
[CVE-2026-45071]
* [Security] Anchor emailAddress regex to RDN boundary in X509Authenticator
[CVE-2026-45063]
* [Mime] Reject email addresses containing line breaks in Address
[CVE-2026-45067]
* [Mailer] Add end-of-options separator before recipients in
SendmailTransport; reject addresses starting with a dash [CVE-2026-45068]
.
[ David Prévot ]
* debian/gbp.conf: permit new upstream release
* Refresh patches
* Update homemade autoload.php
* Update copyright for new image
* Exclude some test files for phpab
* Use php-http-message-factory for tests
Checksums-Sha1:
b7f13df88e4160caa7a6cc96a0ddcf5ac6b03f77 13285 symfony_5.4.53+dfsg-0+deb12u1.dsc
d91a05c3b896b50d464a388a229cda1a09a913b1 5108528 symfony_5.4.53+dfsg.orig.tar.xz
ee97fd59c6f6ab00c4d98637443f1f30088ac0db 64056 symfony_5.4.53+dfsg-0+deb12u1.debian.tar.xz
68d56f5498759f6cd5376e773cbd55ce14f2d9d6 57541 symfony_5.4.53+dfsg-0+deb12u1_i386.buildinfo
Checksums-Sha256:
5c805af7b6039ff7f6ebc11b4a8d7c41596bb65661f3f9ab7542e70310722681 13285 symfony_5.4.53+dfsg-0+deb12u1.dsc
515820883adad6d72924de6414d2f51f8a4eea5d95d836075c89abd4ae6471f1 5108528 symfony_5.4.53+dfsg.orig.tar.xz
5138be9553c51d51052ace592c63b8891465ca7766b998f39bb87e43bd8eaa6b 64056 symfony_5.4.53+dfsg-0+deb12u1.debian.tar.xz
26655e226c394d2b60128d76fbaebb75260300fc717576d2b9657fc8446be5d7 57541 symfony_5.4.53+dfsg-0+deb12u1_i386.buildinfo
Files:
d0a83f0a4623b2471a59d8dd8e704939 13285 php optional symfony_5.4.53+dfsg-0+deb12u1.dsc
636a1196e39c0b956089140b8a2e3fa8 5108528 php optional symfony_5.4.53+dfsg.orig.tar.xz
b86fbd4c44ea88d58306394f90044656 64056 php optional symfony_5.4.53+dfsg-0+deb12u1.debian.tar.xz
9c1180ece15743a25005fa7e371a0a5a 57541 php optional symfony_5.4.53+dfsg-0+deb12u1_i386.buildinfo
-----BEGIN PGP SIGNATURE-----
iQFGBAEBCgAwFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAmoYs/MSHHRhZmZpdEBk
ZWJpYW4ub3JnAAoJEAWMHPlE9r08ri0IAI8WPyfVbm07sM0474uNnccsVxAKJsdP
qTM4hxgGsCiXDsC+PiwCiE3Neo/6Na1RX/WxDivLpRY3pPYnpteC6Um0C1Svo8nv
KCslT0sMHMZngqPNcCBERULoxw1s5P8NT0HtU7/FcbHWX96OPA5yurEora4tM+LF
lj8ZPb1Lp56EZ49kp+1ZE34/VBekAbYuQM0M7KIecPjvVWdqIIRuiFUQsLm2ArjK
2QQ9Bun6/+LC4xTFSUAOliTtL1joUdOUtFtUDeeX/LCf/6bI4ZNyPf0rMEhp3amv
Lq23JdRL6zmBSQbPB11rlXK+cp80aWxXYGCtb2PMreNZqhzdiYZT6ho=
=lPaT
-----END PGP SIGNATURE-----
