[pkg-php-pear] Symfony: CVE-2015-4050 (ESI unauthorized access)
dabe at deb.ymc.ch
Wed May 27 07:26:31 UTC 2015
today security releases for Symfony targeting CVE-2015-4050 "ESI
unauthorized access" have made available by upstream . I updated the
jessie branch to contain a proper patch for this.
Since I was not sure whether this is urgency "high" or "critical", I did
not update d/changelog, thus please run a "# gbd dch --release" to
update it accordingly before uploading symfony to the archives.
Upstream seems not to release a fix for the 2.7 betas, soon. I guess
cherry-picking d320d27699abcea12479cf608908fa91bcc133d4 from upstream
should be enough (as it was for the 2.3 series). I've done so in
wip/2.7-CVE-2015-4050. Please have a look into this branch and merge it
into master (+ upload to sid), if you think its okay.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the pkg-php-pear