--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-0efcb5fbc5
2015-12-05 23:28:48.802310
--------------------------------------------------------------------------------

Name        : php-symfony
Product     : Fedora 23
Version     : 2.7.7
Release     : 2.fc23
URL         : https://symfony.com/
Summary     : PHP framework for web projects
Description :
PHP framework for web projects

--------------------------------------------------------------------------------
Update Information:

**Twig 1.23.1** (2015-11-05)  * fixed some exception messages which triggered
PHP warnings * fixed BC on Twig_Test_NodeTestCase  **Twig 1.23.0** (2015-10-29)
* deprecated the possibility to override an extension by registering another one
with the same name * deprecated Twig_ExtensionInterface::getGlobals() (added
Twig_Extension_GlobalsInterface for BC) * deprecated
Twig_ExtensionInterface::initRuntime() (added
Twig_Extension_InitRuntimeInterface for BC) * deprecated
Twig_Environment::computeAlternatives()  **Symfony 2.7.7** (2015-11-23)  *
security #16631 CVE-2015-8124: Session Fixation in the "Remember Me" Login
Feature (xabbuh) *    security #16630 CVE-2015-8125: Potential Remote Timing
Attack Vulnerability in Security Remember-Me Service (xabbuh) *    bug #16588
Sent out a status text for unknown HTTP headers. (dawehner) *    bug #16295
[DependencyInjection] Unescape parameters for all types of injection (Nicofuma)
*    bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas) *
bug #16578 [Console] Fix bug in windows detection (kbond) *    bug #16546
[Serializer] ObjectNormalizer: don't serialize static methods and props
(dunglas) *    bug #16352 Fix the server variables in the router_*.php files
(leofeyer) *    bug #16537 [Validator] Allow an empty path with a non empty
fragment or a query (jakzal) *    bug #16528 [Translation] Add support for
Armenian pluralization. (marcosdsanchez) *    bug #16510 [Process] fix Proccess
run with pts enabled (ewgRa) *    bug #16292 fix race condition at mkdir
(#16258) (ewgRa) *    bug #15945 [Form] trigger deprecation warning when using
empty_value (xabbuh) *    bug #16384 [FrameworkBundle] JsonDescriptor - encode
container params only once (xabbuh) *    bug #16480 [VarDumper] Fix PHP7 type-
hints compat (nicolas-grekas) *    bug #16463 [PropertyAccess] Port of the
performance optimization from 2.3 (dunglas) *    bug #16462 [PropertyAccess] Fix
dynamic property accessing. (dunglas) *    bug #16454 [Serializer]
GetSetNormalizer shouldn't set/get static methods (boekkooi) *    bug #16453
[Serializer] PropertyNormalizer shouldn't set static properties (boekkooi) *
bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas) *
bug #16294 [PropertyAccess] Major performance improvement (dunglas) *    bug
#16331 fixed Twig deprecation notices (fabpot) *    bug #16306 [DoctrineBridge]
Fix issue which prevent the profiler to explain a query (Baachi) *    bug #16359
Use mb_detect_encoding with $strict = true (nicolas-grekas) *    bug #16144
[Security] don't allow to install the split Security packages (xabbuh)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1285263 - CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities
        https://bugzilla.redhat.com/show_bug.cgi?id=1285263
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update php-symfony' at the command line.
For more information, refer to "Managing Software with yum",
available at .

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce.lists.fedoraproject.org/

Fedora 23: php-symfony Security Update

December 6, 2015
**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29) * deprecated the possibi...

Summary

PHP framework for web projects

Update Information:

**Twig 1.23.1** (2015-11-05) * fixed some exception messages which triggered PHP warnings * fixed BC on Twig_Test_NodeTestCase **Twig 1.23.0** (2015-10-29) * deprecated the possibility to override an extension by registering another one with the same name * deprecated Twig_ExtensionInterface::getGlobals() (added Twig_Extension_GlobalsInterface for BC) * deprecated Twig_ExtensionInterface::initRuntime() (added Twig_Extension_InitRuntimeInterface for BC) * deprecated Twig_Environment::computeAlternatives() **Symfony 2.7.7** (2015-11-23) * security #16631 CVE-2015-8124: Session Fixation in the "Remember Me" Login Feature (xabbuh) * security #16630 CVE-2015-8125: Potential Remote Timing Attack Vulnerability in Security Remember-Me Service (xabbuh) * bug #16588 Sent out a status text for unknown HTTP headers. (dawehner) * bug #16295 [DependencyInjection] Unescape parameters for all types of injection (Nicofuma) * bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas) * bug #16578 [Console] Fix bug in windows detection (kbond) * bug #16546 [Serializer] ObjectNormalizer: don't serialize static methods and props (dunglas) * bug #16352 Fix the server variables in the router_*.php files (leofeyer) * bug #16537 [Validator] Allow an empty path with a non empty fragment or a query (jakzal) * bug #16528 [Translation] Add support for Armenian pluralization. (marcosdsanchez) * bug #16510 [Process] fix Proccess run with pts enabled (ewgRa) * bug #16292 fix race condition at mkdir (#16258) (ewgRa) * bug #15945 [Form] trigger deprecation warning when using empty_value (xabbuh) * bug #16384 [FrameworkBundle] JsonDescriptor - encode container params only once (xabbuh) * bug #16480 [VarDumper] Fix PHP7 type- hints compat (nicolas-grekas) * bug #16463 [PropertyAccess] Port of the performance optimization from 2.3 (dunglas) * bug #16462 [PropertyAccess] Fix dynamic property accessing. (dunglas) * bug #16454 [Serializer] GetSetNormalizer shouldn't set/get static methods (boekkooi) * bug #16453 [Serializer] PropertyNormalizer shouldn't set static properties (boekkooi) * bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas) * bug #16294 [PropertyAccess] Major performance improvement (dunglas) * bug #16331 fixed Twig deprecation notices (fabpot) * bug #16306 [DoctrineBridge] Fix issue which prevent the profiler to explain a query (Baachi) * bug #16359 Use mb_detect_encoding with $strict = true (nicolas-grekas) * bug #16144 [Security] don't allow to install the split Security packages (xabbuh)

Change Log

References

[ 1 ] Bug #1285263 - CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities https://bugzilla.redhat.com/show_bug.cgi?id=1285263

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update php-symfony' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
Name : php-symfony
Product : Fedora 23
Version : 2.7.7
Release : 2.fc23
URL : https://symfony.com/
Summary : PHP framework for web projects

Related News

5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved