[pkg-php-pear] Symfony CVE-2015-8124 and CVE-2015-8125

Daniel Beyer dabe at deb.ymc.ch
Tue Nov 24 08:27:07 UTC 2015

Hi David,

On Mon, 2015-11-23 at 23:10 -0400, David Prévot wrote:
> Hi Daniel,
> Le 23/11/2015 20:43, Daniel Beyer a écrit :
> > @David: Do you have time to do the upload(s)?
> Sure, already built the Jessie version, will upload once the security
> team gives the green light.

Great, thanks.

> >> The 2.7 in sid needs to be updated as well, but I did not start
> Let me know once you’re done, I’ll try and upload it quickly.

Symfony 2.7.7 is ready in master: I had a quick look onto upstream's
changes, checked the signature on the v2.7.7 tag and made sure the
repacked orig-src is sane.

One change to the Debian packaging:
* Pin debian/watch to stable 2.x releases of Symfony
I think we can wait for a stable 2.8 release and do not need package
some 2.n.n-BETAn versions for sid anymore [1] (for experimental we'll of
course need to revert this for 3.x).

As always I left d/changelog open for possible modifications you might
like to do.


[1] So far nobody disagree in this thread:
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20151124/279682cf/attachment.sig>

More information about the pkg-php-pear mailing list