Sicherheit: Zwei Probleme in php-symfony3

Lesezeichen hinzufügen

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2018-8d3a9bdff1
2018-12-17 19:11:43.857962
-------------------------------------------------------------------------------
-

Name : php-symfony3
Product : Fedora 29
Version : 3.4.20
Release : 1.fc29
URL : https://symfony.com
Summary : Symfony PHP framework (version 3)
Description :
Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

-------------------------------------------------------------------------------
-
Update Information:

**Version 3.4.20** (2018-12-06) * security
[CVE-2018-19790](https://symfony.com/cve-2018-19790) [Security\Http] detect bad
redirect targets using backslashes (@xabbuh) * security
[CVE-2018-19789](https://symfony.com/cve-2018-19789) [Form] Filter file uploads
out of regular form types (@nicolas-grekas) * bug #29436 [Cache] Fixed
Memcached adapter doClear()to call flush() (raitocz) * bug #29441 [Routing]
ignore trailing slash for non-GET requests (nicolas-grekas) * bug #29432 [DI]
dont inline when lazy edges are found (nicolas-grekas) * bug #29413
[Serializer] fixed DateTimeNormalizer to maintain microseconds when a different
timezone required (rvitaliy) * bug #29424 [Routing] fix taking verb into
account when redirecting (nicolas-grekas) * bug #29414 [DI] Fix dumping
expressions accessing single-use private services (chalasr) * bug #29375
[Validator] Allow `ConstraintViolation::__toString()` to expose codes that are
not null or emtpy strings (phansys) * bug #29376 [EventDispatcher] Fix
eventListener wrapper loop in TraceableEventDispatcher (jderusse) * bug #29343
[Form] Handle all case variants of "nan" when parsing a number
(mwhudson,
xabbuh) * bug #29355 [PropertyAccess] calculate cache keys for property
setters
depending on the value (xabbuh) * bug #29369 [DI] fix combinatorial explosion
when analyzing the service graph (nicolas-grekas) * bug #29349 [Debug]
workaround opcache bug mutating "$this" !?! (nicolas-grekas)
-------------------------------------------------------------------------------
-
ChangeLog:

* Fri Dec 7 2018 Remi Collet <remi@remirepo.net> - 3.4.20-1
- update to 3.4.20
* Tue Nov 27 2018 Remi Collet <remi@remirepo.net> - 3.4.19-1
- update to 3.4.19
* Mon Nov 5 2018 Remi Collet <remi@remirepo.net> - 3.4.18-1
- update to 3.4.18
* Thu Oct 18 2018 Remi Collet <remi@remirepo.net> - 3.4.17-2
- ignore doctrine/data-fixtures version
* Wed Oct 3 2018 Remi Collet <remi@remirepo.net> - 3.4.17-1
- update to 3.4.17
* Mon Oct 1 2018 Remi Collet <remi@remirepo.net> - 3.4.16-1
- update to 3.4.16
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-8d3a9bdff1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org