
Security vulnerabilities in the php-symfony software package

  • OS details: WN7
  • Severity: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2019-9c2ad3b018
2019-11-22 01:22:12.839264
——————————————————————————–

Name : php-symfony
Product : Fedora 30
Version : 2.8.52
Release : 1.fc30
URL : https://symfony.com
Summary : PHP framework for web projects
Description :
PHP framework for web projects

——————————————————————————–
Update Information:

**Version 2.8.52** (2019-11-13)

* security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas)
* security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)
——————————————————————————–
ChangeLog:

* Wed Nov 13 2019 Remi Collet <remi@remirepo.net> – 2.8.52-1
– update to 2.8.52
* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> – 2.8.51-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Wed Jun 19 2019 Shawn Iwinski <shawn.iwinski@gmail.com> – 2.8.51-2
– Disable tests by default (follows php-symfony3 and php-symfony4 pkgs)
– Always require build dependencies
– Use range version dependencies for Fedora >= 27 || RHEL >= 8
– Bump psr/log min version to 1.0.1 so php-composer(psr/log) virtual provide can be used
* Thu Apr 18 2019 Remi Collet <remi@remirepo.net> – 2.8.51-1
– update to 2.8.51
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-9c2ad3b018' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2019-8b0ba02338
2019-11-22 00:46:48.106681
——————————————————————————–

Name : php-symfony3
Product : Fedora 31
Version : 3.4.35
Release : 2.fc31
URL : https://symfony.com
Summary : Symfony PHP framework (version 3)
Description :
Symfony PHP framework (version 3).

NOTE: Does not require PHPUnit bridge.

——————————————————————————–
Update Information:

**Version 3.4.35** (2019-11-13)

* bug #34344 [Console] Constant STDOUT might be undefined (nicolas-grekas)
* security #cve-2019-18889 [Cache] forbid serializing AbstractAdapter and TagAwareAdapter instances (nicolas-grekas)
* security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas)
* security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)

----

**Version 3.4.34** (2019-11-11)

* bug #34297 [DI] fix locators with numeric keys (nicolas-grekas)
* bug #34282 [DI] Dont cache classes with missing parents (nicolas-grekas)
* bug #34181 [Stopwatch] Fixed bug in getDuration when counting multiple ongoing periods (TimoBakx)
* bug #34179 [Stopwatch] Fixed a bug in StopwatchEvent::getStartTime (TimoBakx)
* bug #34203 [FrameworkBundle] [HttpKernel] fixed correct EOL and EOM month (erics86)

----

**Version 3.4.33** (2019-11-01)

* bug #33998 [Config] Disable default alphabet sorting in glob function due of unstable sort (hurricane-voronin)
* bug #34144 [Serializer] Improve messages for unexpected resources values (fancyweb)
* bug #34080 [SecurityBundle] correct types for default arguments for firewall configs (shieldo)
* bug #33999 [Form] Make sure to collect child forms created on *_SET_DATA events (yceruto)
* bug #34021 [TwigBridge] do not render errors for checkboxes twice (xabbuh)
* bug #34041 [HttpKernel] fix wrong removal of the just generated container dir (nicolas-grekas)
* bug #34023 [Dotenv] allow LF in single-quoted strings (nicolas-grekas)
* bug #33818 [Yaml] Throw exception for tagged invalid inline elements (gharlan)
* bug #33948 [PropertyInfo] Respect property name case when guessing from public method name (antograssiot)
* bug #33962 [Cache] fixed TagAwareAdapter returning invalid cache (v-m-i)
* bug #33965 [HttpFoundation] Add plus character `+` to legal mime subtype (ilzrv)
* bug #32943 [Dotenv] search variable values in ENV first then env file (soufianZantar)
* bug #33943 [VarDumper] fix resetting the “bold” state in CliDumper (nicolas-grekas)

----

**Version 3.4.32** (2019-10-07)

* bug #33834 [Validator] Fix ValidValidator group cascading usage (fancyweb)
* bug #33841 [VarDumper] fix dumping uninitialized SplFileInfo (nicolas-grekas)
* bug #33799 [Security]: Don’t let falsy usernames slip through impersonation (j4nr6n)
* bug #33814 [HttpFoundation] Check if data passed to SessionBagProxy::initialize is an array (mynameisbogdan)
* bug #33805 [FrameworkBundle] Fix wrong returned status code in ConfigDebugCommand (jschaedl)
* bug #33781 [AnnotationCacheWarmer] add RedirectController to annotation cache (jenschude)
* bug #33777 Fix the :only-of-type pseudo class selector (jakzal)
* bug #32051 [Serializer] Add CsvEncoder tests for PHP 7.4 (ro0NL)
* feature #33776 Copy phpunit.xsd to a predictable path (julienfalque)
* bug #33759 [Security/Http] fix parsing X509 emailAddress (nicolas-grekas)
* bug #33733 [Serializer] fix denormalization of string-arrays with only one element (mkrauser)
* bug #33754 [Cache] fix known tag versions ttl check (SwenVanZanten)
* bug #33646 [HttpFoundation] allow additinal characters in not raw cookies (marie)
* bug #33748 [Console] Do not include hidden commands in suggested alternatives (m-vo)
* bug #33625 [DependencyInjection] Fix wrong exception when service is synthetic (k0d3r1s)
* bug #32522 [Validator] Accept underscores in the URL validator, as the URL will load (battye)
* bug #32437 Fix toolbar load when GET params are present in “_wdt” route (Molkobain)
* bug #32925 [Translation] Collect original locale in case of fallback translation (digilist)
* bug #31198 [FrameworkBundle] Fix framework bundle lock configuration not working as expected (HypeMC)
* bug #33719 [Cache] dont override native Memcached options (nicolas-grekas)
* bug #33675 [PhpUnit] Fix usleep mock return value (fabpot)
* bug #33618 fix tests depending on other components’ tests (xabbuh)
* bug #33626 [PropertyInfo] ensure compatibility with type resolver 0.5 (xabbuh)
* bug #33620 [Twig] Fix Twig config extra keys (fabpot)
* bug #33571 [Inflector] add support ‘see’ to ‘ee’ for singularize ‘fees’ to ‘fee’ (maxhelias)
* bug #32763 [Console] Get dimensions from stty on windows if possible (rtek)
* bug #33518 [Yaml] don’t dump a scalar tag value on its own line (xabbuh)
* bug #32818 [HttpKernel] Fix getFileLinkFormat() to avoid returning the wrong URL in Profiler (Arman-Hosseini)
* bug #33487 [HttpKernel] Fix Apache mod_expires Session Cache-Control issue (pbowyer)
* bug #33439 [Validator] Sync string to date behavior and throw a better exception (fancyweb)
* bug #32903 [PHPUnit Bridge] Avoid registering listener twice (alexpott)
* bug #33402 [Finder] Prevent unintentional file locks in Windows (jspringe)
* bug #33396 Fix #33395 PHP 5.3 compatibility (kylekatarnls)
* bug #33385 [Console] allow Command::getName() to return null (nicolas-grekas)
* bug #33353 Return null as Expire header if it was set to null (danrot)
* bug #33382 [ProxyManager] remove ProxiedMethodReturnExpression polyfill (nicolas-grekas)
* bug #33377 [Yaml] fix dumping not inlined scalar tag values (xabbuh)

----

**Version 3.4.31** (2019-08-26)

* bug #33335 [DependencyInjection] Fixed the `getServiceIds` implementation to always return aliases (pdommelen)
* bug #33244 [Router] Fix TraceableUrlMatcher behaviour with trailing slash (Xavier Leune)
* bug #33172 [Console] fixed a PHP notice when there is no function in the stack trace of an Exception (fabpot)
* bug #33157 Fix getMaxFilesize() returning zero (ausi)
* bug #33139 [Intl] Cleanup unused language aliases entry (ro0NL)
* bug #33066 [Serializer] Fix negative DateInterval (jderusse)
* bug #33033 [Lock] consistently throw NotSupportException (xabbuh)
* bug #32516 [FrameworkBundle][Config] Ignore exceptions thrown during reflection classes autoload (fancyweb)
* bug #32981 Fix tests/code for php 7.4 (jderusse)
* bug #32992 [ProxyManagerBridge] Polyfill for unmaintained version (jderusse)
* bug #32933 [PhpUnitBridge] fixed PHPUnit 8.3 compatibility: method handleError was renamed to __invoke (karser)
* bug #32947 [Intl] Support DateTimeInterface in IntlDateFormatter::format (pierredup)
* bug #32838 [FrameworkBundle] Detect indirect env vars in routing (ro0NL)
* bug #32918 [Intl] Order alpha2 to alpha3 mapping (ro0NL)
* bug #32902 [PhpUnitBridge] Allow sutFqcnResolver to return array (VincentLanglet)
* bug #32682 [HttpFoundation] Revert getClientIp @return docblock (ossinkine)
* bug #32910 [Yaml] PHP-8: Uncaught TypeError: abs() expects parameter 1 to be int or float, string given (Aleksandr Dankovtsev)
* bug #32870 #32853 Check if $this->parameters is array. (ABGEO07)
* bug #32868 [PhpUnitBridge] Allow symfony/phpunit-bridge > 4.2 to be installed with phpunit 4.8 (jderusse)
* bug #32767 [Yaml] fix comment in multi line value (soufianZantar)
* bug #32790 [HttpFoundation] Fix `getMaxFilesize` (bennyborn)
* bug #32796 [Cache] fix warning on PHP 7.4 (jpauli)
* bug #32806 [Console] fix warning on PHP 7.4 (rez1dent3)
* bug #32809 Don’t add object-value of static properties in the signature of container metadata-cache (arjenm)
* bug #30096 [DI] Fix dumping Doctrine-like service graphs (bis) (weaverryan, nicolas-grekas)
* bug #32799 [HttpKernel] do not stopwatch sections when profiler is disabled (Tobion)

----

**Packaging changes**

* One distinct autoloader for each component.
——————————————————————————–
ChangeLog:

* Wed Nov 13 2019 Remi Collet <remi@remirepo.net> – 3.4.35-2
– update to 3.4.35
– use range dependencies
* Tue Nov 12 2019 Remi Collet <remi@remirepo.net> – 3.4.34-1
– update to 3.4.34
* Tue Nov 5 2019 Remi Collet <remi@remirepo.net> – 3.4.33-1
– update to 3.4.33
– raise dependency on twig 1.41
– raise dependency on egulias/email-validator 2.1.10
– raise dependency on doctrine/annotations 1.7
– switch to phpunit7
* Sat Sep 14 2019 Shawn Iwinski <shawn.iwinski@gmail.com> – 3.4.30-2
– Update autoloader generator to include self PSR-0, PSR-4, files, and classmap
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-8b0ba02338' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

——————————————————————————–
Fedora Update Notification
FEDORA-2019-5ae4fd9203
2019-11-22 00:46:48.106665
——————————————————————————–

Name : php-symfony
Product : Fedora 31
Version : 2.8.52
Release : 1.fc31
URL : https://symfony.com
Summary : PHP framework for web projects
Description :
PHP framework for web projects

——————————————————————————–
Update Information:

**Version 2.8.52** (2019-11-13)

* security #cve-2019-18888 [HttpFoundation] fix guessing mime-types of files with leading dash (nicolas-grekas)
* security #cve-2019-18887 [HttpKernel] Use constant time comparison in UriSigner (stof)
——————————————————————————–
ChangeLog:

* Wed Nov 13 2019 Remi Collet <remi@remirepo.net> – 2.8.52-1
– update to 2.8.52
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2019-5ae4fd9203' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–

Author: Toni Vugdelija
Cert ID: NCERT-REF-2019-11-0001-ADV
Source: Adobe