You are here
Home > Preporuke > Sigurnosni nedostatak programske biblioteke php-doctrine-orm

Sigurnosni nedostatak programske biblioteke php-doctrine-orm

——————————————————————————–
Fedora Update Notification
FEDORA-2016-f0c8b7b115
2016-07-19 22:28:39.716036
——————————————————————————–

Name : php-doctrine-orm
Product : Fedora 24
Version : 2.4.8
Release : 1.fc24
URL : http://www.doctrine-project.org/projects/orm.html
Summary : Doctrine Object-Relational-Mapper (ORM)
Description :
Object relational mapper (ORM) for PHP that sits on top of a powerful database
abstraction layer (DBAL). One of its’ key features is the option to write
database queries in a proprietary object oriented SQL dialect called Doctrine
Query Language (DQL), inspired by Hibernate’s HQL. This provides developers
with a powerful alternative to SQL that maintains flexibility without requiring
unnecessary code duplication.

Autoloader: /usr/share/php/Doctrine/ORM/autoload.php

——————————————————————————–
Update Information:

## v2.4.8 ### Security – CVE-2015-5723 php-doctrine-orm filesystem permission
issues – https://access.redhat.com/security/cve/CVE-2015-5723 –
http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerabili
ty_in_various_doctrine_projects.html ### Bug – [DDC-3310] – [GH-1138] Join
column index names – [DDC-3343] – `PersistentCollection::removeElement`
schedules an entity for deletion when relationship is EXTRA_LAZY, with
`orphanRemoval` false. – [DDC-3464] – [GH-1231] Backport ‘Merge pull request
#1098 from encoder32/DDC-1590′ to 2.4 branch – [DDC-3482] – [GH-1242] Attempting
to lock a proxy object fails as UOW doesn’t init proxy first – [DDC-3493] – New
(PHP 5.5) “class” keyword – wrong parsing by EntityGenerator – [DDC-3494] –
[GH-1250] Test case for “class” keyword – [DDC-3500] – [GH-1254] Fix applying
ON/WITH conditions to first join in Class Table Inheritance – [DDC-3502] –
[GH-1256] DDC-3493 – fixed EntityGenerator parsing for php 5.5 “::class” syntax
– [DDC-3518] – [GH-1266] [2.4] Fix schema generation in the test suite –
[DDC-3537] – [GH-1282] Hotfix/#1169 extra lazy one to many should not delete
referenced entities (backport to 2.4) – [DDC-3551] – [GH-1294] Avoid Connection
error when calling ClassMetadataFactor::getAllMetadata() – [DDC-3560] –
[GH-1300] [2.4] #1169 DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY
plus orphanRemoval – [DDC-3608] – [GH-1327] Properly generate default value from
yml & xml mapping – [DDC-3619] – spl_object_hash collision – [DDC-3624] –
[GH-1338] [DDC-3619] Update identityMap when entity gets managed again –
[DDC-3643] – [GH-1352] fix EntityGenerator RegenerateEntityIfExists ###
Improvement – [DDC-3530] – [GH-1276] travis: run coverage just once
——————————————————————————–
References:

[ 1 ] Bug #1347926 – CVE-2015-5723 php-doctrine-orm filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347926
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-doctrine-orm’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-7e229134f9
2016-07-19 17:24:41.352228
——————————————————————————–

Name : php-doctrine-orm
Product : Fedora 23
Version : 2.4.8
Release : 1.fc23
URL : http://www.doctrine-project.org/projects/orm.html
Summary : Doctrine Object-Relational-Mapper (ORM)
Description :
Object relational mapper (ORM) for PHP that sits on top of a powerful database
abstraction layer (DBAL). One of its’ key features is the option to write
database queries in a proprietary object oriented SQL dialect called Doctrine
Query Language (DQL), inspired by Hibernate’s HQL. This provides developers
with a powerful alternative to SQL that maintains flexibility without requiring
unnecessary code duplication.

Autoloader: /usr/share/php/Doctrine/ORM/autoload.php

——————————————————————————–
Update Information:

## v2.4.8 ### Security – CVE-2015-5723 php-doctrine-orm filesystem permission
issues – https://access.redhat.com/security/cve/CVE-2015-5723 –
http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerabili
ty_in_various_doctrine_projects.html ### Bug – [DDC-3310] – [GH-1138] Join
column index names – [DDC-3343] – `PersistentCollection::removeElement`
schedules an entity for deletion when relationship is EXTRA_LAZY, with
`orphanRemoval` false. – [DDC-3464] – [GH-1231] Backport ‘Merge pull request
#1098 from encoder32/DDC-1590′ to 2.4 branch – [DDC-3482] – [GH-1242] Attempting
to lock a proxy object fails as UOW doesn’t init proxy first – [DDC-3493] – New
(PHP 5.5) “class” keyword – wrong parsing by EntityGenerator – [DDC-3494] –
[GH-1250] Test case for “class” keyword – [DDC-3500] – [GH-1254] Fix applying
ON/WITH conditions to first join in Class Table Inheritance – [DDC-3502] –
[GH-1256] DDC-3493 – fixed EntityGenerator parsing for php 5.5 “::class” syntax
– [DDC-3518] – [GH-1266] [2.4] Fix schema generation in the test suite –
[DDC-3537] – [GH-1282] Hotfix/#1169 extra lazy one to many should not delete
referenced entities (backport to 2.4) – [DDC-3551] – [GH-1294] Avoid Connection
error when calling ClassMetadataFactor::getAllMetadata() – [DDC-3560] –
[GH-1300] [2.4] #1169 DDC-3343 one-to-omany persister deletes only on EXTRA_LAZY
plus orphanRemoval – [DDC-3608] – [GH-1327] Properly generate default value from
yml & xml mapping – [DDC-3619] – spl_object_hash collision – [DDC-3624] –
[GH-1338] [DDC-3619] Update identityMap when entity gets managed again –
[DDC-3643] – [GH-1352] fix EntityGenerator RegenerateEntityIfExists ###
Improvement – [DDC-3530] – [GH-1276] travis: run coverage just once
——————————————————————————–
References:

[ 1 ] Bug #1347926 – CVE-2015-5723 php-doctrine-orm filesystem permission issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347926
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-doctrine-orm’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa kernel

Otkriveni su sigurnosni nedostaci u programskom paketu kernel za Fedoru. Zahvaćeno je nekoliko komponenti, a ovisno o tipu nedostatka mogu...

Close