From 718be1ed2f11b80bcbf2f4bf73ccb5dce62e54e7 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Wed, 24 Nov 2021 21:42:33 +0100
Subject: Add CVE-2021-41268/symfony

---
 data/CVE/list.2021 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/data/CVE/list.2021 b/data/CVE/list.2021
index 5ee009f71a..9d8f890357 100644
--- a/data/CVE/list.2021
+++ b/data/CVE/list.2021
@@ -6801,7 +6801,9 @@ CVE-2021-41270 (Symfony/Serializer handles serializing and deserializing data st
 CVE-2021-41269 (cron-utils is a Java library to define, parse, validate, migrate crons ...)
 	NOT-FOR-US: cron-utils Java library
 CVE-2021-41268 (Symfony/SecurityBundle is the security system for Symfony, a PHP frame ...)
-	TODO: check
+	- symfony <not-affected> (Vulnerable code never in released version in unstable)
+	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-qw36-p97w-vcqr
+	NOTE: https://github.com/symfony/symfony/commit/36a808b857cd3240244f4b224452fb1e70dc6dfc (v5.3.12)
 CVE-2021-41267 (Symfony/Http-Kernel is the HTTP kernel component for Symfony, a PHP fr ...)
 	- symfony <not-affected> (Vulnerable code never in released version in unstable)
 	NOTE: https://github.com/symfony/symfony/security/advisories/GHSA-q3j3-w37x-hq2q
-- 
cgit v1.2.3