Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Fehlerhafte Zugriffsrechte in php-doctrine-orm
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Zugriffsrechte in php-doctrine-orm
ID: FEDORA-2016-f0c8b7b115
Distribution: Fedora
Plattformen: Fedora 24
Datum: Mi, 20. Juli 2016, 07:54
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5723

Originalnachricht

Name        : php-doctrine-orm
Product : Fedora 24
Version : 2.4.8
Release : 1.fc24
URL : http://www.doctrine-project.org/projects/orm.html
Summary : Doctrine Object-Relational-Mapper (ORM)
Description :
Object relational mapper (ORM) for PHP that sits on top of a powerful database
abstraction layer (DBAL). One of its' key features is the option to write
database queries in a proprietary object oriented SQL dialect called Doctrine
Query Language (DQL), inspired by Hibernate's HQL. This provides developers
with a powerful alternative to SQL that maintains flexibility without requiring
unnecessary code duplication.

Autoloader: /usr/share/php/Doctrine/ORM/autoload.php

-------------------------------------------------------------------------------
-
Update Information:

## v2.4.8 ### Security - CVE-2015-5723 php-doctrine-orm filesystem permission
issues - https://access.redhat.com/security/cve/CVE-2015-5723 -
security_misconfiguration_vulnerabili
ty_in_various_doctrine_projects.html ### Bug - [DDC-3310] - [GH-1138] Join
column index names - [DDC-3343] - `PersistentCollection::removeElement`
schedules an entity for deletion when relationship is EXTRA_LAZY, with
`orphanRemoval` false. - [DDC-3464] - [GH-1231] Backport 'Merge pull
request
#1098 from encoder32/DDC-1590' to 2.4 branch - [DDC-3482] - [GH-1242]
Attempting
to lock a proxy object fails as UOW doesn't init proxy first - [DDC-3493] -
New
(PHP 5.5) "class" keyword - wrong parsing by EntityGenerator -
[DDC-3494] -
[GH-1250] Test case for "class" keyword - [DDC-3500] - [GH-1254] Fix
applying
ON/WITH conditions to first join in Class Table Inheritance - [DDC-3502] -
[GH-1256] DDC-3493 - fixed EntityGenerator parsing for php 5.5
"::class" syntax
- [DDC-3518] - [GH-1266] [2.4] Fix schema generation in the test suite -
[DDC-3537] - [GH-1282] Hotfix/#1169 extra lazy one to many should not delete
referenced entities (backport to 2.4) - [DDC-3551] - [GH-1294] Avoid Connection
error when calling ClassMetadataFactor::getAllMetadata() - [DDC-3560] -
[GH-1300] [2.4] #1169 DDC-3343 one-to-omany persister deletes only on
EXTRA_LAZY
plus orphanRemoval - [DDC-3608] - [GH-1327] Properly generate default value
from
yml & xml mapping - [DDC-3619] - spl_object_hash collision - [DDC-3624] -
[GH-1338] [DDC-3619] Update identityMap when entity gets managed again -
[DDC-3643] - [GH-1352] fix EntityGenerator RegenerateEntityIfExists ###
Improvement - [DDC-3530] - [GH-1276] travis: run coverage just once
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1347926 - CVE-2015-5723 php-doctrine-orm filesystem permission
issues
https://bugzilla.redhat.com/show_bug.cgi?id=1347926
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update php-doctrine-orm' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung