[pkg-php-pear] Fix for CVE-2015-4050/symfony
Moritz Mühlenhoff
jmm at inutil.org
Sat May 30 16:55:15 UTC 2015
On Wed, May 27, 2015 at 09:31:14AM -0400, David Prévot wrote:
> Hi,
>
> Daniel just prepared a fixed symfony package backporting the patch for
> CVE-2015-4050. Please find attached the actual debdiff as well as the
> additional patch (to ease reviewing). I’ve also pushed the fixed
> packages on p.d.o to ease testing:
>
> https://people.debian.org/~taffit/symfony/
>
> (php-symfony-http-kernel is actually the only binary package fixed).
>
> We can provide an initial draft for the DSA (based on upstream
> announcement) if you believe the package is worth fixing via a DSA.
Please upload to security-master, we can fix this through a DSA.
Cheers,
Moritz
More information about the pkg-php-pear
mailing list