Update status for CVE-2021-41270/symfony

author: Salvatore Bonaccorso <carnil@debian.org> 2021-11-25 22:17:01 +0100
committer: Salvatore Bonaccorso <carnil@debian.org> 2021-11-25 22:17:01 +0100
commit: 206a8e3d59bd85bd33c9ed6bc7586f4949af282c (patch)
tree: 10fcf2fce3ffad36b04cb69a97a223f865351af6
parent: 8e08b827fa72c3f9a240010aefa99bac511bcc16 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/data/CVE/2021.list b/data/CVE/2021.list
index 0f858d0515..ff96d12d55 100644
--- a/data/CVE/2021.list
+++ b/data/CVE/2021.list
@@ -6851,6 +6851,8 @@ CVE-2021-41271 (Discourse is a platform for community discussion. In affected ve
 	NOT-FOR-US: Discourse
 CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data structur ...)
 	- symfony 4.4.19+dfsg-3
+	[buster] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
+	[stretch] - symfony <not-affected> (Vulnerable code and support for csv_escape_formulas introduced in 4.1)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-2xhg-w2g5-w95x
 	NOTE: https://github.com/symfony/symfony/commit/3da6f2d45e7536ccb2a26f52fbaf340917e208a8 (v4.4.35)
 	NOTE: https://symfony.com/blog/cve-2021-41270-prevent-csv-injection-via-formulas
author	Salvatore Bonaccorso <carnil@debian.org>	2021-11-25 22:17:01 +0100
committer	Salvatore Bonaccorso <carnil@debian.org>	2021-11-25 22:17:01 +0100
commit	206a8e3d59bd85bd33c9ed6bc7586f4949af282c (patch)
tree	10fcf2fce3ffad36b04cb69a97a223f865351af6
parent	8e08b827fa72c3f9a240010aefa99bac511bcc16 (diff)