Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1

To: Robin Gustafsson <robin@rgson.se>, 1003018@bugs.debian.org
Subject: Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 19 Feb 2022 18:00:59 +0000
Message-id: <[🔎] 6f79b44492763c71ba7f3aba4a297fc850e2d5b6.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 1003018@bugs.debian.org
In-reply-to: <164115421415.84534.1546349119724189924.reportbug@freyja>
References: <164115421415.84534.1546349119724189924.reportbug@freyja> <164115421415.84534.1546349119724189924.reportbug@freyja>

Control: tags -1 + confirmed

On Sun, 2022-01-02 at 21:10 +0100, Robin Gustafsson wrote:
> [ Reason ]
> Security issues affecting the version in bullseye.
> * Bug #1001333 (CVE-2021-43808)
> * Bug #1002728 (CVE-2021-43617)
> 
> [ Impact ]
> * Users of web applications using certain templating features from
>   the framework may by vulnerable to XSS attacks.
> * Users who host web applications relying on the framework's file
> upload
>   validation features may be vulnerable to remote code execution
> attacks.
> 

Please go ahead, thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1
  - From: Robin Gustafsson <robin@rgson.se>

Prev by Date: Processed: Re: Bug#1002703: bullseye-pu: package libarchive/3.4.3-2+deb11u1
Next by Date: Bug#1002703: bullseye-pu: package libarchive/3.4.3-2+deb11u1
Previous by thread: Processed: Re: Bug#1002685: bullseye-pu: package prips/1.1.1-3+deb11u1
Next by thread: Processed: Re: Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1
Index(es):
- Date
- Thread