Fedora 23: php-twig Security Update

    Date: 05 Dec 2015
    Category: Fedora
    Posted By: LinuxSecurity Advisories
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2015-0efcb5fbc5
    2015-12-05 23:28:48.802310
    --------------------------------------------------------------------------------
    
    Name        : php-twig
    Product     : Fedora 23
    Version     : 1.23.1
    Release     : 2.fc23
    URL         : http://twig.sensiolabs.org
    Summary     : The flexible, fast, and secure template engine for PHP
    Description :
    The flexible, fast, and secure template engine for PHP.
    
    * Fast: Twig compiles templates down to plain optimized PHP code. The
      overhead compared to regular PHP code was reduced to the very minimum.
    
    * Secure: Twig has a sandbox mode to evaluate untrusted template code. This
      allows Twig to be used as a template language for applications where users
      may modify the template design.
    
    * Flexible: Twig is powered by a flexible lexer and parser. This allows the
      developer to define its own custom tags and filters, and create its own
      DSL.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    **Twig 1.23.1** (2015-11-05)

    * fixed some exception messages which triggered PHP warnings
    * fixed BC on Twig_Test_NodeTestCase

    **Twig 1.23.0** (2015-10-29)

    * deprecated the possibility to override an extension by registering another
      one with the same name
    * deprecated Twig_ExtensionInterface::getGlobals() (added
      Twig_Extension_GlobalsInterface for BC)
    * deprecated Twig_ExtensionInterface::initRuntime() (added
      Twig_Extension_InitRuntimeInterface for BC)
    * deprecated Twig_Environment::computeAlternatives()

    **Symfony 2.7.7** (2015-11-23)

    * security #16631 CVE-2015-8124: Session Fixation in the "Remember Me" Login
      Feature (xabbuh)
    * security #16630 CVE-2015-8125: Potential Remote Timing Attack Vulnerability
      in Security Remember-Me Service (xabbuh)
    * bug #16588 Sent out a status text for unknown HTTP headers. (dawehner)
    * bug #16295 [DependencyInjection] Unescape parameters for all types of
      injection (Nicofuma)
    * bug #16574 [Process] Fix PhpProcess with phpdbg runtime (nicolas-grekas)
    * bug #16578 [Console] Fix bug in windows detection (kbond)
    * bug #16546 [Serializer] ObjectNormalizer: don't serialize static methods and
      props (dunglas)
    * bug #16352 Fix the server variables in the router_*.php files (leofeyer)
    * bug #16537 [Validator] Allow an empty path with a non empty fragment or a
      query (jakzal)
    * bug #16528 [Translation] Add support for Armenian pluralization.
      (marcosdsanchez)
    * bug #16510 [Process] fix Proccess run with pts enabled (ewgRa)
    * bug #16292 fix race condition at mkdir (#16258) (ewgRa)
    * bug #15945 [Form] trigger deprecation warning when using empty_value (xabbuh)
    * bug #16384 [FrameworkBundle] JsonDescriptor - encode container params only
      once (xabbuh)
    * bug #16480 [VarDumper] Fix PHP7 type-hints compat (nicolas-grekas)
    * bug #16463 [PropertyAccess] Port of the performance optimization from 2.3
      (dunglas)
    * bug #16462 [PropertyAccess] Fix dynamic property accessing. (dunglas)
    * bug #16454 [Serializer] GetSetNormalizer shouldn't set/get static methods
      (boekkooi)
    * bug #16453 [Serializer] PropertyNormalizer shouldn't set static properties
      (boekkooi)
    * bug #16471 [VarDumper] Fix casting for ReflectionParameter (nicolas-grekas)
    * bug #16294 [PropertyAccess] Major performance improvement (dunglas)
    * bug #16331 fixed Twig deprecation notices (fabpot)
    * bug #16306 [DoctrineBridge] Fix issue which prevent the profiler to explain a
      query (Baachi)
    * bug #16359 Use mb_detect_encoding with $strict = true (nicolas-grekas)
    * bug #16144 [Security] don't allow to install the split Security packages
      (xabbuh)
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1285263 - CVE-2015-8124 CVE-2015-8125 php-symfony: Session fixation and remote timing attack vulnerabilities
            https://bugzilla.redhat.com/show_bug.cgi?id=1285263
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program. Use
    su -c 'yum update php-twig' at the command line.
    For more information, refer to "Managing Software with yum",
    available at https://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list
    https://admin.fedoraproject.org/mailman/listinfo/package-announce
    