You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa php-twig

Sigurnosni nedostaci programskog paketa php-twig

——————————————————————————–
Fedora Update Notification
FEDORA-2015-0b89738311
2015-12-05 23:27:53.142206
——————————————————————————–

Name : php-twig
Product : Fedora 22
Version : 1.23.1
Release : 2.fc22
URL : http://twig.sensiolabs.org
Summary : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The
overhead compared to regular PHP code was reduced to the very minimum.

* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
allows Twig to be used as a template language for applications where users
may modify the template design.

* Flexible: Twig is powered by a flexible lexer and parser. This allows the
developer to define its own custom tags and filters, and create its own
DSL.

——————————————————————————–
Update Information:

**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered
PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29)
* deprecated the possibility to override an extension by registering another one
with the same name * deprecated Twig_ExtensionInterface::getGlobals() (added
Twig_Extension_GlobalsInterface for BC) * deprecated
Twig_ExtensionInterface::initRuntime() (added
Twig_Extension_InitRuntimeInterface for BC) * deprecated
Twig_Environment::computeAlternatives() **Symfony 2.7.7** (2015-11-23) *
security #16631 CVE-2015-8124: Session Fixation in the “Remember Me” Login
Feature (xabbuh) * security #16630 CVE-2015-8125: Potential Remote Timing
Attack Vulnerability in Security Remember-Me Service (xabbuh) * bug #16588
Sent out a status text for unknown HTTP headers. (dawehner) * bug #16295
[DependencyInjection] Unescape parameters for all types of injection (Nicofuma)
* bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas) *
bug #16578 [Console] Fix bug in windows detection (kbond) * bug #16546
[Serializer] ObjectNormalizer: don’t serialize static methods and props
(dunglas) * bug #16352 Fix the server variables in the router_*.php files
(leofeyer) * bug #16537 [Validator] Allow an empty path with a non empty
fragment or a query (jakzal) * bug #16528 [Translation] Add support for
Armenian pluralization. (marcosdsanchez) * bug #16510 [Process] fix Proccess
run with pts enabled (ewgRa) * bug #16292 fix race condition at mkdir
(#16258) (ewgRa) * bug #15945 [Form] trigger deprecation warning when using
empty_value (xabbuh) * bug #16384 [FrameworkBundle] JsonDescriptor – encode
container params only once (xabbuh) * bug #16480 [VarDumper] Fix PHP7 type-
hints compat (nicolas-grekas) * bug #16463 [PropertyAccess] Port of the
performance optimization from 2.3 (dunglas) * bug #16462 [PropertyAccess] Fix
dynamic property accessing. (dunglas) * bug #16454 [Serializer]
GetSetNormalizer shouldn’t set/get static methods (boekkooi) * bug #16453
[Serializer] PropertyNormalizer shouldn’t set static properties (boekkooi) *
bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas) *
bug #16294 [PropertyAccess] Major performance improvement (dunglas) * bug
#16331 fixed Twig deprecation notices (fabpot) * bug #16306 [DoctrineBridge]
Fix issue which prevent the profiler to explain a query (Baachi) * bug #16359
Use mb_detect_encoding with $strict = true (nicolas-grekas) * bug #16144
[Security] don’t allow to install the split Security packages (xabbuh)
——————————————————————————–
References:

[ 1 ] Bug #1285263 – CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1285263
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-twig’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2015-0efcb5fbc5
2015-12-05 23:28:48.802310
——————————————————————————–

Name : php-twig
Product : Fedora 23
Version : 1.23.1
Release : 2.fc23
URL : http://twig.sensiolabs.org
Summary : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.

* Fast: Twig compiles templates down to plain optimized PHP code. The
overhead compared to regular PHP code was reduced to the very minimum.

* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
allows Twig to be used as a template language for applications where users
may modify the template design.

* Flexible: Twig is powered by a flexible lexer and parser. This allows the
developer to define its own custom tags and filters, and create its own
DSL.

——————————————————————————–
Update Information:

**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered
PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29)
* deprecated the possibility to override an extension by registering another one
with the same name * deprecated Twig_ExtensionInterface::getGlobals() (added
Twig_Extension_GlobalsInterface for BC) * deprecated
Twig_ExtensionInterface::initRuntime() (added
Twig_Extension_InitRuntimeInterface for BC) * deprecated
Twig_Environment::computeAlternatives() **Symfony 2.7.7** (2015-11-23) *
security #16631 CVE-2015-8124: Session Fixation in the “Remember Me” Login
Feature (xabbuh) * security #16630 CVE-2015-8125: Potential Remote Timing
Attack Vulnerability in Security Remember-Me Service (xabbuh) * bug #16588
Sent out a status text for unknown HTTP headers. (dawehner) * bug #16295
[DependencyInjection] Unescape parameters for all types of injection (Nicofuma)
* bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas) *
bug #16578 [Console] Fix bug in windows detection (kbond) * bug #16546
[Serializer] ObjectNormalizer: don’t serialize static methods and props
(dunglas) * bug #16352 Fix the server variables in the router_*.php files
(leofeyer) * bug #16537 [Validator] Allow an empty path with a non empty
fragment or a query (jakzal) * bug #16528 [Translation] Add support for
Armenian pluralization. (marcosdsanchez) * bug #16510 [Process] fix Proccess
run with pts enabled (ewgRa) * bug #16292 fix race condition at mkdir
(#16258) (ewgRa) * bug #15945 [Form] trigger deprecation warning when using
empty_value (xabbuh) * bug #16384 [FrameworkBundle] JsonDescriptor – encode
container params only once (xabbuh) * bug #16480 [VarDumper] Fix PHP7 type-
hints compat (nicolas-grekas) * bug #16463 [PropertyAccess] Port of the
performance optimization from 2.3 (dunglas) * bug #16462 [PropertyAccess] Fix
dynamic property accessing. (dunglas) * bug #16454 [Serializer]
GetSetNormalizer shouldn’t set/get static methods (boekkooi) * bug #16453
[Serializer] PropertyNormalizer shouldn’t set static properties (boekkooi) *
bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas) *
bug #16294 [PropertyAccess] Major performance improvement (dunglas) * bug
#16331 fixed Twig deprecation notices (fabpot) * bug #16306 [DoctrineBridge]
Fix issue which prevent the profiler to explain a query (Baachi) * bug #16359
Use mb_detect_encoding with $strict = true (nicolas-grekas) * bug #16144
[Security] don’t allow to install the split Security packages (xabbuh)
——————————————————————————–
References:

[ 1 ] Bug #1285263 – CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1285263
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-twig’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Top
More in Preporuke
Sigurnosni nedostaci programskog paketa openssl

Otkriveni su sigurnosni nedostaci u programskom paketu openssl za operacijski sustav FreeBSD. Otkriveni nedostaci potencijalnim napadačima omogućuju izvođenje napada uskraćivanja...

Close