Sicherheit: Zwei Probleme in php-symfony2-Yaml - Pro-Linux

Name        : php-symfony2-Yaml
Product     : Fedora 16
Version     : 2.0.22
Release     : 1.fc16
URL         : http://symfony.com/doc/current/components/yaml.html
Summary     : Symfony2 Yaml Component
Description :
The Symfony2 YAML Component parses YAML strings to convert them to PHP arrays.
It is also able to convert PHP arrays to YAML strings.

YAML, YAML Ain't Markup Language, is a human friendly data serialization
standard for all programming languages. YAML is a great format for your
configuration files. YAML files are as expressive as XML files and as readable
as INI files.

The Symfony2 YAML Component implements the YAML 1.2 version of the
specification.

-------------------------------------------------------------------------------
-
Update Information:

Updated to upstream version 2.0.22

CVE-2013-1348: Ability to enable/disable PHP parsing in Yaml::parse()

CVE-2013-1397: Ability to enable/disable object support in YAML parsing and
 dumping

See: security-release-symfony-2-0-22-and-2-1-7-released

Changelog: https://github.com/symfony/symfony/blob/v2.0.22/CHANGELOG-2.0.md
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program.  Use 
su -c 'yum update php-symfony2-Yaml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce