On Tue, Apr 22, 2025 at 10:46:57PM +0200, Robin Gustafsson wrote: > Hi Moritz, > > Thanks for the report. > > On 4/22/25 14:09, Moritz Mühlenhoff wrote: > > [...] > > The following vulnerability was published for php-laravel-framework. > > > > CVE-2025-27515[0]: > > Thanks. I'll upload a fix for sid/trixie soon.
Great, thanks. > > There are also two other security issues affecting sid/trixie and > > which are already fixed in experimental: > > https://security-tracker.debian.org/tracker/CVE-2024-13918 > > https://security-tracker.debian.org/tracker/CVE-2024-13919 > > These were introduced in 11.9.0 so the versions in Debian aren't affected. We've updated the Security Tracker accordingly. > > So possibly trixie should be moved to 11.44.1 unless it's a very > > breaking change between 10 and 11? > > Unfortunately, that isn't possible due to a dependency on php-symfony 7. Ah, I see. Cheers, Moritz
