[pkg-php-pear] Fix for CVE-2015-4050/symfony

Moritz Mühlenhoff jmm at inutil.org
Sat May 30 16:55:15 UTC 2015


On Wed, May 27, 2015 at 09:31:14AM -0400, David Prévot wrote:
> Hi,
> 
> Daniel just prepared a fixed symfony package backporting the patch for
> CVE-2015-4050. Please find attached the actual debdiff as well as the
> additional patch (to ease reviewing). I’ve also pushed the fixed
> packages on p.d.o to ease testing:
> 
> 	https://people.debian.org/~taffit/symfony/
> 
> (php-symfony-http-kernel is actually the only binary package fixed).
> 
> We can provide an initial draft for the DSA (based on upstream
> announcement) if you believe the package is worth fixing via a DSA.

Please upload to security-master, we can fix this through a DSA.

Cheers,
        Moritz



More information about the pkg-php-pear mailing list