Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Ausführen beliebiger Kommandos in php-pear-PHP-CodeSniffer
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in php-pear-PHP-CodeSniffer
ID: FEDORA-2017-aaf92c483c
Distribution: Fedora
Plattformen: Fedora 24
Datum: Sa, 11. März 2017, 00:57
Referenzen: Keine Angabe

Originalnachricht

Name        : php-pear-PHP-CodeSniffer
Product : Fedora 24
Version : 2.8.1
Release : 1.fc24
URL : http://pear.php.net/package/PHP_CodeSniffer
Summary : PHP coding standards enforcement tool
Description :
PHP_CodeSniffer provides functionality to verify that code conforms to
certain standards, such as PEAR, or user-defined.

-------------------------------------------------------------------------------
-
Update Information:

**Version 2.8.1** * This release contains a fix for a security advisory
related
to the improper handling of shell commands * Uses of shell_exec() and
exec()
were not escaping filenames and configuration settings in most cases * A
properly crafted filename or configuration option would allow for arbitrary
code
execution when using some features * All users are encouraged to upgrade to
this version, especially if you are checking 3rd-party code * e.g., you
run PHPCS over libraries that you did not write * e.g., you provide a
web service that runs PHPCS over user-uploaded files or 3rd-party repositories
* e.g., you allow external tool paths to be set by user-defined values * If
you are unable to upgrade but you check 3rd-party code, ensure you are not
using
the following features: * The diff report * The notify-send
report * The Generic.PHP.Syntax sniff * The
Generic.Debug.CSSLint sniff * The Generic.Debug.ClosureLinter sniff
* The Generic.Debug.JSHint sniff * The Squiz.Debug.JSLint sniff
* The Squiz.Debug.JavaScriptLint sniff * The Zend.Debug.CodeAnalyzer
sniff * Thanks to Klaus Purer for the report * The PHP-supplied
T_COALESCE_EQUAL token has been replicated for PHP versions before 7.2 *
PEAR.Functions.FunctionDeclaration now reports an error for blank lines found
inside a function declaration * PEAR.Functions.FunctionDeclaration no longer
reports indent errors for blank lines in a function declaration *
Squiz.Functions.MultiLineFunctionDeclaration no longer reports errors for blank
lines in a function declaration * It would previously report that only one
argument is allowed per line * Squiz.Commenting.FunctionComment now corrects
multi-line param comment padding more accurately *
Squiz.Commenting.FunctionComment now properly fixes pipe-separated param types
*
Squiz.Commenting.FunctionComment now works correctly when function return types
also contain a comment * Thanks to Juliette Reinders Folmer for the patch *
Squiz.ControlStructures.InlineIfDeclaration now supports the elvis operator
* As this is not a real PHP operator, it enforces no spaces between ? and :
when
the THEN statement is empty * Squiz.ControlStructures.InlineIfDeclaration is
now
able to fix the spacing errors it reports * Fixed bug #1340 : STDIN file
contents not being populated in some cases * Thanks to David Bi?ovec for
the
patch * Fixed bug #1344 : PEAR.Functions.FunctionCallSignatureSniff throws
error
for blank comment lines * Fixed bug #1347 : PSR2.Methods.FunctionCallSignature
strips some comments during fixing * Thanks to Algirdas Gurevicius for the
patch * Fixed bug #1349 : Squiz.Strings.DoubleQuoteUsage.NotRequired message is
badly formatted when string contains a CR newline char * Thanks to Algirdas
Gurevicius for the patch * Fixed bug #1350 : Invalid
Squiz.Formatting.OperatorBracket error when using namespaces * Fixed bug #1369
:
Empty line in multi-line function declaration cause infinite loop
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-pear-PHP-CodeSniffer' at the command line.
For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung