Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in php-symfony3
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in php-symfony3
ID: FEDORA-2018-66547a8c14
Distribution: Fedora
Plattformen: Fedora 28
Datum: Mo, 17. Dezember 2018, 07:42
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19789
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19790
Applikationen: symfony

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-66547a8c14
2018-12-17 02:27:14.659007
-------------------------------------------------------------------------------
-

Name : php-symfony3
Product : Fedora 28
Version : 3.4.20
Release : 1.fc28
URL : https://symfony.com
Summary : Symfony PHP framework (version 3)
Description :
Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

-------------------------------------------------------------------------------
-
Update Information:

**Version 3.4.20** (2018-12-06) * security
[CVE-2018-19790](https://symfony.com/cve-2018-19790) [Security\Http] detect bad
redirect targets using backslashes (@xabbuh) * security
[CVE-2018-19789](https://symfony.com/cve-2018-19789) [Form] Filter file uploads
out of regular form types (@nicolas-grekas) * bug #29436 [Cache] Fixed
Memcached adapter doClear()to call flush() (raitocz) * bug #29441 [Routing]
ignore trailing slash for non-GET requests (nicolas-grekas) * bug #29432 [DI]
dont inline when lazy edges are found (nicolas-grekas) * bug #29413
[Serializer] fixed DateTimeNormalizer to maintain microseconds when a different
timezone required (rvitaliy) * bug #29424 [Routing] fix taking verb into
account when redirecting (nicolas-grekas) * bug #29414 [DI] Fix dumping
expressions accessing single-use private services (chalasr) * bug #29375
[Validator] Allow `ConstraintViolation::__toString()` to expose codes that are
not null or emtpy strings (phansys) * bug #29376 [EventDispatcher] Fix
eventListener wrapper loop in TraceableEventDispatcher (jderusse) * bug #29343
[Form] Handle all case variants of "nan" when parsing a number
(mwhudson,
xabbuh) * bug #29355 [PropertyAccess] calculate cache keys for property
setters
depending on the value (xabbuh) * bug #29369 [DI] fix combinatorial explosion
when analyzing the service graph (nicolas-grekas) * bug #29349 [Debug]
workaround opcache bug mutating "$this" !?! (nicolas-grekas)
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Dec 7 2018 Remi Collet <remi@remirepo.net> - 3.4.20-1
- update to 3.4.20
* Tue Nov 27 2018 Remi Collet <remi@remirepo.net> - 3.4.19-1
- update to 3.4.19
* Mon Nov 5 2018 Remi Collet <remi@remirepo.net> - 3.4.18-1
- update to 3.4.18
* Thu Oct 18 2018 Remi Collet <remi@remirepo.net> - 3.4.17-2
- ignore doctrine/data-fixtures version
* Wed Oct 3 2018 Remi Collet <remi@remirepo.net> - 3.4.17-1
- update to 3.4.17
* Mon Oct 1 2018 Remi Collet <remi@remirepo.net> - 3.4.16-1
- update to 3.4.16
* Tue Aug 28 2018 Remi Collet <remi@remirepo.net> - 3.4.15-1
- update to 3.4.15
* Wed Aug 1 2018 Shawn Iwinski <shawn.iwinski@gmail.com> - 3.4.14-1
- Update to 3.4.14 (CVE-2018-14773 / CVE-2018-14774)
- Add conflict php-composer(phpdocumentor/type-resolver) < 0.3.0
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> -
3.4.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
* Mon Jun 25 2018 Shawn Iwinski <shawn@iwin.ski> - 3.4.12-1
- Update 3.4.12
* Mon May 28 2018 Remi Collet <remi@remirepo.net> - 3.4.11-1
- update to 3.4.11
* Thu May 24 2018 Remi Collet <remi@remirepo.net> - 3.4.10-1
- update to 3.4.10
- ignore new dependency on symfony/polyfill-ctype
* Fri May 4 2018 Remi Collet <remi@remirepo.net> - 3.4.9-1
- update to 3.4.9
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-66547a8c14' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Gewinnspiel
Neue Nachrichten
Werbung