[pkg-php-pear] Bug#813653: jessie-pu: package symfony/2.3.21+dfsg-4+deb8u3
David Prévot
taffit at debian.org
Thu Feb 4 01:40:22 UTC 2016
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org at packages.debian.org
Usertags: pu
Hi,
As agreed with the security team, we’d like to fix CVE-2016-1902 via
p-u. The patch is “a bit” bigger than usual (homemade implementation
replaced by a proper embedded one), sorry about that. Thanks in advance
for considering it.
symfony (2.3.21+dfsg-4+deb8u3) jessie; urgency=medium
[ Daniel Beyer ]
* Backport a security fix from 2.3.37
- SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902]
[ David Prévot ]
* Add copyright entry for embeded paragonie/random_compat
Please note that the only component touch by this fix
(php-symfony-security) has no (external) reverse dependencies in Jessie.
Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: symfony.patch
Type: text/x-diff
Size: 54516 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160203/0a8354dc/attachment-0001.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 473 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-pear/attachments/20160203/0a8354dc/attachment-0001.sig>
More information about the pkg-php-pear
mailing list