You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa php-symfony

Sigurnosni nedostatak programskog paketa php-symfony

——————————————————————————–
Fedora Update Notification
FEDORA-2015-9025
2015-05-28 06:14:15
——————————————————————————–

Name : php-symfony
Product : Fedora 20
Version : 2.5.12
Release : 1.fc20
URL : http://symfony.com
Summary : PHP framework for web projects
Description :
PHP framework for web projects

——————————————————————————–
Update Information:

**2.5.12** (2015-05-27)
* security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)

——————————————————————————–
ChangeLog:

* Wed May 27 2015 Remi Collet <remi@fedoraproject.org> – 2.5.12-1
– Update to 2.5.12
– security fix for CVE-2015-4050
* Thu Apr 2 2015 Remi Collet <remi@fedoraproject.org> – 2.5.11-1
– Update to 2.5.11
– security fix for CVE-2015-2308 and CVE-2015-2309
* Wed Mar 18 2015 Remi Collet <remi@fedoraproject.org> – 2.5.10-1
– Update to 2.5.10
* Mon Dec 15 2014 Remi Collet <remi@fedoraproject.org> – 2.5.8-1
– Update to 2.5.8
* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.5.7-1
– Updated to 2.5.7 (BZ #1166396)
– Added php-composer(egulias/email-validator) dependency
* Sun Nov 2 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.5.6-2
– Exclude “intl-data” test group instead of removing test files
* Sun Nov 2 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.5.6-1
– Updated to 2.5.6 (BZ #1157502)
– “php-twig-Twig” dependency updated to “php-composer(twig/twig)”
– Obsoleted php-symfony-icu (data now in intl component)
* Mon Sep 29 2014 Remi Collet <remi@fedoraproject.org> – 2.5.5-1
– update to 2.5.5
– hack PHPUnit autoloader to not use old system symfony
– don’t skip any Yaml test
* Wed Sep 3 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.5.4-1
– Updated to 2.5.4 (CVE-2014-6072, CVE-2014-5245, CVE-2014-4931, CVE-2014-6061,
CVE-2014-5244, BZ #1138285)
– Removed test files from PropertyAccess and Stopwatch components
– Updated skipped tests
* Tue Aug 12 2014 Remi Collet <remi@fedoraproject.org> – 2.5.3-1
– update to 2.5.3
– fix test bootstrap for PHPUnit 4.2
* Sat Jul 19 2014 Remi Collet <remi@fedoraproject.org> – 2.5.2-2
– fix license handling
* Fri Jul 18 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.5.2-1
– Updated to 2.5.2 (BZ #1100720)
– Added php-composer() virtual provides
– Updated most dependencies to use available php-composer virtual provides
– php-password-compat conditional changed from “0%{?el6}%{?el7}” to
“”%{php_version}” < “5.5””
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 2.4.4-2
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 30 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.4.4-1
– Updated to 2.4.4 (BZ #1038134)
– Updated Doctrine dependencies
– Sub-pkg phpcompatinfo without Tests directory since they are not pkged
* Mon Feb 17 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.4.2-1
– Updated to 2.4.2 (BZ #1038134)
– Re-enabled tests
– Added expressionlanguage component sub-pkg
– Added provides for security component composer sub-pkgs
* Mon Jan 13 2014 Remi Collet <remi@fedoraproject.org> – 2.3.9-0
– EPEL-7 bootstrap build
* Sun Jan 5 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.3.9-1
– Updated to 2.3.9 (BZ #1038134)
– Conditional %{?dist}
– Minor bash cosmetic changes
– Skip additional test relying on external resources
– Skip additional el6 test
* Wed Dec 18 2013 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.3.8-1
– Updated to 2.3.8 (BZ #1038134)
– Temporarily skip test known to fail on Fedora > 20
* Sat Dec 14 2013 Remi Collet <remi@fedoraproject.org> – 2.3.7-4
– fix PEAR compatibility: add missing “autoloader.php”
——————————————————————————–
References:

[ 1 ] Bug #1227264 – CVE-2015-4050 php-symfony: ESI unauthorized access
https://bugzilla.redhat.com/show_bug.cgi?id=1227264
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-symfony’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-9039
2015-05-28 06:15:08
——————————————————————————–

Name : php-symfony
Product : Fedora 21
Version : 2.5.12
Release : 1.fc21
URL : http://symfony.com
Summary : PHP framework for web projects
Description :
PHP framework for web projects

——————————————————————————–
Update Information:

**2.5.12** (2015-05-27)
* security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)

——————————————————————————–
ChangeLog:

* Wed May 27 2015 Remi Collet <remi@fedoraproject.org> – 2.5.12-1
– Update to 2.5.12
– security fix for CVE-2015-4050
* Thu Apr 2 2015 Remi Collet <remi@fedoraproject.org> – 2.5.11-1
– Update to 2.5.11
– security fix for CVE-2015-2308 and CVE-2015-2309
* Wed Mar 18 2015 Remi Collet <remi@fedoraproject.org> – 2.5.10-1
– Update to 2.5.10
* Mon Dec 15 2014 Remi Collet <remi@fedoraproject.org> – 2.5.8-1
– Update to 2.5.8
* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.5.7-1
– Updated to 2.5.7 (BZ #1166396)
– Added php-composer(egulias/email-validator) dependency
——————————————————————————–
References:

[ 1 ] Bug #1227264 – CVE-2015-4050 php-symfony: ESI unauthorized access
https://bugzilla.redhat.com/show_bug.cgi?id=1227264
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-symfony’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-9034
2015-05-28 06:14:42
——————————————————————————–

Name : php-symfony
Product : Fedora 22
Version : 2.5.12
Release : 1.fc22
URL : http://symfony.com
Summary : PHP framework for web projects
Description :
PHP framework for web projects

——————————————————————————–
Update Information:

**2.5.12** (2015-05-27)
* security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)

——————————————————————————–
ChangeLog:

* Wed May 27 2015 Remi Collet <remi@fedoraproject.org> – 2.5.12-1
– Update to 2.5.12
– security fix for CVE-2015-4050
——————————————————————————–
References:

[ 1 ] Bug #1227264 – CVE-2015-4050 php-symfony: ESI unauthorized access
https://bugzilla.redhat.com/show_bug.cgi?id=1227264
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-symfony’ at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa ufraw

Otkriven je sigurnosni nedostatak u programskom paketu ufraw. Otkriveni nedostatak je uzrokovan neispravnom obradom ulaznih podataka. Potencijalnim napadačima omogućuje izvođenje...

Close