drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in php-symfony
Name: |
Zwei Probleme in php-symfony |
|
ID: |
FEDORA-2015-0efcb5fbc5 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 23 |
|
Datum: |
So, 6. Dezember 2015, 11:11 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8125
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8124 |
|
Applikationen: |
symfony |
|
Originalnachricht |
Name : php-symfony Product : Fedora 23 Version : 2.7.7 Release : 2.fc23 URL : http://symfony.com Summary : PHP framework for web projects Description : PHP framework for web projects
------------------------------------------------------------------------------- - Update Information:
**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29) * deprecated the possibility to override an extension by registering another one with the same name * deprecated Twig_ExtensionInterface::getGlobals() (added Twig_Extension_GlobalsInterface for BC) * deprecated Twig_ExtensionInterface::initRuntime() (added Twig_Extension_InitRuntimeInterface for BC) * deprecated Twig_Environment::computeAlternatives() **Symfony 2.7.7** (2015-11-23) * security #16631 CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature (xabbuh) * security #16630 CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service (xabbuh) * bug #16588 Sent out a status text for unknown HTTP headers. (dawehner) * bug #16295 [DependencyInjection] Unescape parameters for all types of injection (Nicofuma) * bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas) * bug #16578 [Console] Fix bug in windows detection (kbond) * bug #16546 [Serializer] ObjectNormalizer: don't serialize static methods and props (dunglas) * bug #16352 Fix the server variables in the router_*.php files (leofeyer) * bug #16537 [Validator] Allow an empty path with a non empty fragment or a query (jakzal) * bug #16528 [Translation] Add support for Armenian pluralization. (marcosdsanchez) * bug #16510 [Process] fix Proccess run with pts enabled (ewgRa) * bug #16292 fix race condition at mkdir (#16258) (ewgRa) * bug #15945 [Form] trigger deprecation warning when using empty_value (xabbuh) * bug #16384 [FrameworkBundle] JsonDescriptor - encode container params only once (xabbuh) * bug #16480 [VarDumper] Fix PHP7 type- hints compat (nicolas-grekas) * bug #16463 [PropertyAccess] Port of the performance optimization from 2.3 (dunglas) * bug #16462 [PropertyAccess] Fix dynamic property accessing. (dunglas) * bug #16454 [Serializer] GetSetNormalizer shouldn't set/get static methods (boekkooi) * bug #16453 [Serializer] PropertyNormalizer shouldn't set static properties (boekkooi) * bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas) * bug #16294 [PropertyAccess] Major performance improvement (dunglas) * bug #16331 fixed Twig deprecation notices (fabpot) * bug #16306 [DoctrineBridge] Fix issue which prevent the profiler to explain a query (Baachi) * bug #16359 Use mb_detect_encoding with $strict = true (nicolas-grekas) * bug #16144 [Security] don't allow to install the split Security packages (xabbuh) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1285263 - CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1285263 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update php-symfony' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|