From dd701c0db5c6fdf5cd76425f8625ad8b845dbb24 Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Wed, 24 Nov 2021 21:40:06 +0100 Subject: Update status for CVE-2021-41267/symfony A vulnerable version was never in unstable. The issue got introduced in 5.2.0 upstream. Later to unstable was uploaded directly 5.3.12 (following some experimental uploads) which contains the fix. --- data/CVE/2021.list | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 43da89fd45..5ee009f71a 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -6803,7 +6803,7 @@ CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...) TODO: check CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...) - - symfony 5.3.12+dfsg-1 + - symfony (Vulnerable code never in released version in unstable) NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q NOTE: https://github.com/symfony/symfony/commit/95dcf51682029e89450aee86267e3d553aa7c487 (v5.3.12) TODO: check -- cgit v1.2.3
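Review bot: On the added `- symfony (Vulnerable code never in released version in unstable)` line, the reasoning behind the status (the issue was introduced upstream in 5.2.0, and unstable went straight to 5.3.12, which contains the fix) is recorded only in the commit message, not in data/CVE/2021.list. Consider adding a NOTE to the CVE-2021-41267 entry that states the introducing version, so anyone triaging other suites can compare their symfony version against 5.2.0 without reading the history. Also, as shown here the new line has nothing between `symfony` and the parenthetical, whereas the removed line carried `5.3.12+dfsg-1` in that position; confirm that the entry in the actual file still carries an explicit state there.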