[pkg-php-pear] Symfony: CVE-2015-4050 (ESI unauthorized access)

Daniel Beyer dabe at deb.ymc.ch
Wed May 27 07:26:31 UTC 2015


Hi David,

today security releases for Symfony targeting CVE-2015-4050 "ESI
unauthorized access" have been made available by upstream [1]. I updated the
jessie branch to contain a proper patch for this.
Since I was not sure whether this is urgency "high" or "critical", I did
not update d/changelog, thus please run a "# gbp dch --release" to
update it accordingly before uploading symfony to the archives.

Upstream does not seem to be releasing a fix for the 2.7 betas soon. I guess
cherry-picking d320d27699abcea12479cf608908fa91bcc133d4 from upstream
should be enough (as it was for the 2.3 series). I've done so in
wip/2.7-CVE-2015-4050. Please have a look into this branch and merge it
into master (+ upload to sid), if you think it's okay.


Thanks
Daniel

[1] http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access