Control: tags -1 + confirmed On Wed, 2023-02-08 at 13:53 +0100, David Prévot wrote: > Two CVEs have been assigned to Symfony, the version currently in > unstable and bookworm ships the fixes, the attached debdiff is a > proposal for Bullseye. > > https://symfony.com/blog/cve-2022-24894-prevent-storing-cookie-headers-in-httpcache > https://symfony.com/blog/cve-2022-24895-csrf-token-fixation >
Please go ahead. Regards, Adam
