[pkg-php-pear] Symfony CVE-2015-8124 and CVE-2015-8125

Daniel Beyer dabe at deb.ymc.ch
Tue Nov 24 00:43:10 UTC 2015


@David: Do you have time to do the upload(s)?

On Mon, 2015-11-23 at 18:20 +0100, Daniel Beyer wrote:
> Hi
> I'm currently working on getting Symfony 2.3.35 ready due to:
> http://symfony.com/blog/symfony-2-3-35-released

I dropped the idea of upgrading to 2.3.35, since twig in jessie is to
old for it. Instead I backported the fixes for the CVEs to 2.3.21. They
are ready in the jessie branch. I already sent a mail regarding an
upload to team at security.d.o, 

> The 2.7 in sid needs to be updated as well, but I did not start with
> that, yet:
> http://symfony.com/blog/symfony-2-7-7-released

I'll try to get this done later today.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20151124/4ec68b65/attachment.sig>

More information about the pkg-php-pear mailing list