--------------------------------------------------------------------------------Fedora Update Notification
FEDORA-2018-8d3a9bdff1
2018-12-17 19:11:43.857962
--------------------------------------------------------------------------------Name        : php-symfony3
Product     : Fedora 29
Version     : 3.4.20
Release     : 1.fc29
URL         : https://symfony.com
Summary     : Symfony PHP framework (version 3)
Description :
Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

--------------------------------------------------------------------------------Update Information:

**Version  3.4.20** (2018-12-06)   * security
[CVE-2018-19790](https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http) [Security\Http] detect bad
redirect targets using backslashes (@xabbuh)  * security
[CVE-2018-19789](https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path) [Form] Filter file uploads
out of regular form types (@nicolas-grekas)  * bug #29436 [Cache] Fixed
Memcached adapter doClear()to call flush() (raitocz)  * bug #29441 [Routing]
ignore trailing slash for non-GET requests (nicolas-grekas)  * bug #29432 [DI]
dont inline when lazy edges are found (nicolas-grekas)  * bug #29413
[Serializer] fixed DateTimeNormalizer to maintain microseconds when a different
timezone required (rvitaliy)  * bug #29424 [Routing] fix taking verb into
account when redirecting (nicolas-grekas)  * bug #29414 [DI] Fix dumping
expressions accessing single-use private services (chalasr)  * bug #29375
[Validator] Allow `ConstraintViolation::__toString()` to expose codes that are
not null or emtpy strings (phansys)  * bug #29376 [EventDispatcher] Fix
eventListener wrapper loop in TraceableEventDispatcher (jderusse)  * bug #29343
[Form] Handle all case variants of "nan" when parsing a number (mwhudson,
xabbuh)  * bug #29355 [PropertyAccess] calculate cache keys for property setters
depending on the value (xabbuh)  * bug #29369 [DI] fix combinatorial explosion
when analyzing the service graph (nicolas-grekas)  * bug #29349 [Debug]
workaround opcache bug mutating "$this" !?! (nicolas-grekas)
--------------------------------------------------------------------------------ChangeLog:

* Fri Dec  7 2018 Remi Collet  - 3.4.20-1
- update to 3.4.20
* Tue Nov 27 2018 Remi Collet  - 3.4.19-1
- update to 3.4.19
* Mon Nov  5 2018 Remi Collet  - 3.4.18-1
- update to 3.4.18
* Thu Oct 18 2018 Remi Collet  - 3.4.17-2
- ignore doctrine/data-fixtures version
* Wed Oct  3 2018 Remi Collet  - 3.4.17-1
- update to 3.4.17
* Mon Oct  1 2018 Remi Collet  - 3.4.16-1
- update to 3.4.16
--------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-8d3a9bdff1' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Fedora 29: php-symfony3 Security Update 2018-8d3a9bdff1

December 17, 2018
**Version 3.4.20** (2018-12-06) * security [CVE-2018-19790](https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http) [Security\Http] detect ba...

Summary

Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

**Version 3.4.20** (2018-12-06) * security

[CVE-2018-19790](https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http) [Security\Http] detect bad

redirect targets using backslashes (@xabbuh) * security

[CVE-2018-19789](https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path) [Form] Filter file uploads

out of regular form types (@nicolas-grekas) * bug #29436 [Cache] Fixed

Memcached adapter doClear()to call flush() (raitocz) * bug #29441 [Routing]

ignore trailing slash for non-GET requests (nicolas-grekas) * bug #29432 [DI]

dont inline when lazy edges are found (nicolas-grekas) * bug #29413

[Serializer] fixed DateTimeNormalizer to maintain microseconds when a different

timezone required (rvitaliy) * bug #29424 [Routing] fix taking verb into

account when redirecting (nicolas-grekas) * bug #29414 [DI] Fix dumping

expressions accessing single-use private services (chalasr) * bug #29375

[Validator] Allow `ConstraintViolation::__toString()` to expose codes that are

not null or emtpy strings (phansys) * bug #29376 [EventDispatcher] Fix

eventListener wrapper loop in TraceableEventDispatcher (jderusse) * bug #29343

[Form] Handle all case variants of "nan" when parsing a number (mwhudson,

xabbuh) * bug #29355 [PropertyAccess] calculate cache keys for property setters

depending on the value (xabbuh) * bug #29369 [DI] fix combinatorial explosion

when analyzing the service graph (nicolas-grekas) * bug #29349 [Debug]

workaround opcache bug mutating "$this" !?! (nicolas-grekas)

* Fri Dec 7 2018 Remi Collet - 3.4.20-1

- update to 3.4.20

* Tue Nov 27 2018 Remi Collet - 3.4.19-1

- update to 3.4.19

* Mon Nov 5 2018 Remi Collet - 3.4.18-1

- update to 3.4.18

* Thu Oct 18 2018 Remi Collet - 3.4.17-2

- ignore doctrine/data-fixtures version

* Wed Oct 3 2018 Remi Collet - 3.4.17-1

- update to 3.4.17

* Mon Oct 1 2018 Remi Collet - 3.4.16-1

- update to 3.4.16

su -c 'dnf upgrade --advisory FEDORA-2018-8d3a9bdff1' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

FEDORA-2018-8d3a9bdff1 2018-12-17 19:11:43.857962 Product : Fedora 29 Version : 3.4.20 Release : 1.fc29 URL : https://symfony.com Summary : Symfony PHP framework (version 3) Description : Symfony PHP framework (version 3). NOTE: Does not require PHPUnit bridge. **Version 3.4.20** (2018-12-06) * security [CVE-2018-19790](https://symfony.com/blog/cve-2018-19790-open-redirect-vulnerability-when-using-security-http) [Security\Http] detect bad redirect targets using backslashes (@xabbuh) * security [CVE-2018-19789](https://symfony.com/blog/cve-2018-19789-disclosure-of-uploaded-files-full-path) [Form] Filter file uploads out of regular form types (@nicolas-grekas) * bug #29436 [Cache] Fixed Memcached adapter doClear()to call flush() (raitocz) * bug #29441 [Routing] ignore trailing slash for non-GET requests (nicolas-grekas) * bug #29432 [DI] dont inline when lazy edges are found (nicolas-grekas) * bug #29413 [Serializer] fixed DateTimeNormalizer to maintain microseconds when a different timezone required (rvitaliy) * bug #29424 [Routing] fix taking verb into account when redirecting (nicolas-grekas) * bug #29414 [DI] Fix dumping expressions accessing single-use private services (chalasr) * bug #29375 [Validator] Allow `ConstraintViolation::__toString()` to expose codes that are not null or emtpy strings (phansys) * bug #29376 [EventDispatcher] Fix eventListener wrapper loop in TraceableEventDispatcher (jderusse) * bug #29343 [Form] Handle all case variants of "nan" when parsing a number (mwhudson, xabbuh) * bug #29355 [PropertyAccess] calculate cache keys for property setters depending on the value (xabbuh) * bug #29369 [DI] fix combinatorial explosion when analyzing the service graph (nicolas-grekas) * bug #29349 [Debug] workaround opcache bug mutating "$this" !?! (nicolas-grekas) * Fri Dec 7 2018 Remi Collet - 3.4.20-1 - update to 3.4.20 * Tue Nov 27 2018 Remi Collet - 3.4.19-1 - update to 3.4.19 * Mon Nov 5 2018 Remi Collet - 3.4.18-1 - update to 3.4.18 * Thu Oct 18 2018 Remi Collet - 3.4.17-2 - ignore doctrine/data-fixtures version * Wed Oct 3 2018 Remi Collet - 3.4.17-1 - update to 3.4.17 * Mon Oct 1 2018 Remi Collet - 3.4.16-1 - update to 3.4.16 su -c 'dnf upgrade --advisory FEDORA-2018-8d3a9bdff1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
Product : Fedora 29
Version : 3.4.20
Release : 1.fc29
URL : https://symfony.com
Summary : Symfony PHP framework (version 3)

Related News

11.Locks IsometricPattern Esm H320
2 - 3 min read
Open Source maintainers and developers have been warned about the continued wave of attacks aimed at project maintainers similar to those recently
28.Lock Globe Esm H320
1 - 2 min read
A resurgence of cyberattacks targeting Linux systems in Asian campaigns through the utilization of the Pupy Remote Access Trojan (RAT) has been
27.Tablet Connections Blocks Lock Esm H320
2 - 4 min read
Canonical has recently announced the Beta release of Ubuntu Linux 24.04 LTS , codenamed "Noble Numbat." This release aims to continue Ubuntu's
21.Globe RadiatingCode Esm H320
2 - 3 min read
The open-source movement has come a long way, from its origins in the 1960s and 1970s to becoming an integral part of organizations worldwide.
13.Lock StylizedMotherboard Esm H320
2 - 3 min read
The Rust-based Edera project demonstrates a unique approach to container security that addresses cloud-native computing challenges. Let's examine
8.Locks HexConnections CodeGlobe Esm H320
2 - 3 min read
Canonical has launched Ubuntu Pro for Devices , a comprehensive offering emphasizing security and compliance for IoT device deployments. This
2.Motherboard Esm H320
2 - 3 min read
The recently uncovered "Native Branch History Injection (BHI)" exploit against the Linux kernel marks a significant milestone in the ongoing battle
1.Penguin Landscape Esm H320
1 - 2 min read
There are compelling arguments in favor of Linux over Windows for desktop usage. Let's explore some advantages of choosing Linux over Windows for

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved