You are here
Home > Preporuke > Ranjivost programskog paketa php-guzzlehttp-guzzle

Ranjivost programskog paketa php-guzzlehttp-guzzle

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2016-9c8cf5912c
2016-07-28 20:58:22.230454
——————————————————————————–

Name : php-guzzlehttp-guzzle6
Product : Fedora 23
Version : 6.2.1
Release : 1.fc23
URL : http://guzzlephp.org
Summary : PHP HTTP client library
Description :
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial
to integrate with web services.

* Simple interface for building query strings, POST requests, streaming large
uploads, streaming large downloads, using HTTP cookies, uploading JSON data,
etc…
* Can send both synchronous and asynchronous requests using the same interface.
* Uses PSR-7 interfaces for requests, responses, and streams. This allows you
to utilize other PSR-7 compatible libraries with Guzzle.
* Abstracts away the underlying HTTP transport, allowing you to write
environment and transport agnostic code; i.e., no hard dependency on cURL,
PHP streams, sockets, or non-blocking event loops.
* Middleware system allows you to augment and compose client behavior.

Autoloader: /usr/share/php/GuzzleHttp6/autoload.php

——————————————————————————–
Update Information:

## 6.2.1 – 2016-07-18 * Address HTTP_PROXY security vulnerability,
CVE-2016-5385: https://httpoxy.org/ * Fixing timeout bug with StreamHandler:
https://github.com/guzzle/guzzle/pull/1488 * Only read up to `Content-Length` in
PHP StreamHandler to avoid timeouts when a server does not honor `Connection:
close`. * Ignore URI fragment when sending requests.
——————————————————————————–
References:

[ 1 ] Bug #1357582 – php-guzzlehttp-guzzle6-6.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1357582
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-guzzlehttp-guzzle6’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-e2c8f5f95a
2016-07-28 20:58:22.230393
——————————————————————————–

Name : php-guzzlehttp-guzzle
Product : Fedora 23
Version : 5.3.1
Release : 1.fc23
URL : http://guzzlephp.org
Summary : PHP HTTP client and webservice framework
Description :
Guzzle is a PHP HTTP client that makes it easy to work with HTTP/1.1 and takes
the pain out of consuming web services.

* Pluggable HTTP adapters that can send requests serially or in parallel
* Doesn’t require cURL, but uses cURL by default
* Streams data for both uploads and downloads
* Provides event hooks & plugins for cookies, caching, logging, OAuth, mocks,
etc
* Keep-Alive & connection pooling
* SSL Verification
* Automatic decompression of response bodies
* Streaming multipart file uploads
* Connection timeouts

——————————————————————————–
Update Information:

## 5.3.1 – 2016-07-18 * Address HTTP_PROXY security vulnerability,
CVE-2016-5385: https://httpoxy.org/ * Event name fix:
https://github.com/guzzle/guzzle/commit/fcae91ff31de41e312fe113ec3acbcda31b2622e
* Response header case sensitivity fix:
https://github.com/guzzle/guzzle/commit/043eeadf20ee40ddc6712faee4d3957a91f2b041
——————————————————————————–
References:

[ 1 ] Bug #1357580 – php-guzzlehttp-guzzle-5.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1357580
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-guzzlehttp-guzzle’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-4e7db3d437
2016-07-28 20:58:53.012584
——————————————————————————–

Name : php-guzzlehttp-guzzle6
Product : Fedora 24
Version : 6.2.1
Release : 1.fc24
URL : http://guzzlephp.org
Summary : PHP HTTP client library
Description :
Guzzle is a PHP HTTP client that makes it easy to send HTTP requests and trivial
to integrate with web services.

* Simple interface for building query strings, POST requests, streaming large
uploads, streaming large downloads, using HTTP cookies, uploading JSON data,
etc…
* Can send both synchronous and asynchronous requests using the same interface.
* Uses PSR-7 interfaces for requests, responses, and streams. This allows you
to utilize other PSR-7 compatible libraries with Guzzle.
* Abstracts away the underlying HTTP transport, allowing you to write
environment and transport agnostic code; i.e., no hard dependency on cURL,
PHP streams, sockets, or non-blocking event loops.
* Middleware system allows you to augment and compose client behavior.

Autoloader: /usr/share/php/GuzzleHttp6/autoload.php

——————————————————————————–
Update Information:

## 6.2.1 – 2016-07-18 * Address HTTP_PROXY security vulnerability,
CVE-2016-5385: https://httpoxy.org/ * Fixing timeout bug with StreamHandler:
https://github.com/guzzle/guzzle/pull/1488 * Only read up to `Content-Length` in
PHP StreamHandler to avoid timeouts when a server does not honor `Connection:
close`. * Ignore URI fragment when sending requests.
——————————————————————————–
References:

[ 1 ] Bug #1357582 – php-guzzlehttp-guzzle6-6.2.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1357582
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-guzzlehttp-guzzle6’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2016-aef8a45afe
2016-07-28 20:58:53.012104
——————————————————————————–

Name : php-guzzlehttp-guzzle
Product : Fedora 24
Version : 5.3.1
Release : 1.fc24
URL : http://guzzlephp.org
Summary : PHP HTTP client and webservice framework
Description :
Guzzle is a PHP HTTP client that makes it easy to work with HTTP/1.1 and takes
the pain out of consuming web services.

* Pluggable HTTP adapters that can send requests serially or in parallel
* Doesn’t require cURL, but uses cURL by default
* Streams data for both uploads and downloads
* Provides event hooks & plugins for cookies, caching, logging, OAuth, mocks,
etc
* Keep-Alive & connection pooling
* SSL Verification
* Automatic decompression of response bodies
* Streaming multipart file uploads
* Connection timeouts

——————————————————————————–
Update Information:

## 5.3.1 – 2016-07-18 * Address HTTP_PROXY security vulnerability,
CVE-2016-5385: https://httpoxy.org/ * Event name fix:
https://github.com/guzzle/guzzle/commit/fcae91ff31de41e312fe113ec3acbcda31b2622e
* Response header case sensitivity fix:
https://github.com/guzzle/guzzle/commit/043eeadf20ee40ddc6712faee4d3957a91f2b041
——————————————————————————–
References:

[ 1 ] Bug #1357580 – php-guzzlehttp-guzzle-5.3.1 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1357580
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c ‘yum update php-guzzlehttp-guzzle’ at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org

AutorTomislav Protega
Cert idNCERT-REF-2016-07-0131-ADV
CveCERT-CVE-DUMMY
ID izvornikaCERT-ORIGID-DUMMY
ProizvodCERT-DUMMY-PRODUCT
Izvorhttp://www.adobe.com/
Top
More in Preporuke
Ranjivost programskog paketa golang

Otkrivena je ranjivost u paketu net/http unutar programskog jezika Go za Fedoru. Paket net/http nije se pokušavao referirati prema sekciji...

Close