Bug#1003018: bullseye-pu: package php-laravel-framework/6.20.14+dfsg-2+deb11u1
Control: tags -1 + confirmed
On Sun, 2022-01-02 at 21:10 +0100, Robin Gustafsson wrote:
> [ Reason ]
> Security issues affecting the version in bullseye.
> * Bug #1001333 (CVE-2021-43808)
> * Bug #1002728 (CVE-2021-43617)
>
> [ Impact ]
> * Users of web applications using certain templating features from
> the framework may by vulnerable to XSS attacks.
> * Users who host web applications relying on the framework's file
> upload
> validation features may be vulnerable to remote code execution
> attacks.
>
Please go ahead, thanks.
Regards,
Adam
Reply to: