[pkg-php-pear] symfony_2.8.7+dfsg-1.3+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Fri Aug 3 17:34:50 BST 2018
Mapping stable-security to proposed-updates.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Wed, 25 Jul 2018 15:22:39 +0800
Source: symfony
Binary: php-symfony php-symfony-asset php-symfony-browser-kit php-symfony-class-loader php-symfony-config php-symfony-console php-symfony-css-selector php-symfony-debug php-symfony-dependency-injection php-symfony-dom-crawler php-symfony-event-dispatcher php-symfony-expression-language php-symfony-filesystem php-symfony-finder php-symfony-form php-symfony-http-foundation php-symfony-http-kernel php-symfony-intl php-symfony-ldap php-symfony-locale php-symfony-options-resolver php-symfony-process php-symfony-property-access php-symfony-property-info php-symfony-routing php-symfony-security php-symfony-security-core php-symfony-security-csrf php-symfony-security-guard php-symfony-security-http php-symfony-serializer php-symfony-stopwatch php-symfony-templating php-symfony-translation php-symfony-validator php-symfony-var-dumper php-symfony-yaml php-symfony-doctrine-bridge php-symfony-monolog-bridge php-symfony-phpunit-bridge php-symfony-proxy-manager-bridge
php-symfony-swiftmailer-bridge php-symfony-twig-bridge php-symfony-debug-bundle php-symfony-framework-bundle php-symfony-security-bundle php-symfony-twig-bundle
php-symfony-web-profiler-bundle
Architecture: source
Version: 2.8.7+dfsg-1.3+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Description:
php-symfony - set of reusable components and framework for web projects
php-symfony-asset - manage asset URLs
php-symfony-browser-kit - simulate the behavior of a web browser
php-symfony-class-loader - load PHP classes automatically
php-symfony-config - load configurations from different data sources
php-symfony-console - run tasks from the command line
php-symfony-css-selector - convert CSS selectors to XPath expressions
php-symfony-debug - tools to make debugging of PHP code easier
php-symfony-debug-bundle - debugging tools for the Symfony framework
php-symfony-dependency-injection - standardize and centralize construction of objects
php-symfony-doctrine-bridge - integration for Doctrine with Symfony Components
php-symfony-dom-crawler - ease DOM navigation for HTML and XML documents
php-symfony-event-dispatcher - dispatch events and listen to them
php-symfony-expression-language - compile and evaluate expressions
php-symfony-filesystem - basic filesystem utilities
php-symfony-finder - find files and directories
php-symfony-form - create HTML forms and process request data
php-symfony-framework-bundle - basic, robust and flexible MVC framework
php-symfony-http-foundation - object-oriented layer for the HTTP specification
php-symfony-http-kernel - building blocks for flexible and fast HTTP-based frameworks
php-symfony-intl - limited replacement layer for the PHP extension intl
php-symfony-ldap - abstraction layer for the PHP LDAP module
php-symfony-locale - deprecated replacement layer for the PHP extension intl
php-symfony-monolog-bridge - integration for Monolog with Symfony Components
php-symfony-options-resolver - configure objects with option arrays
php-symfony-phpunit-bridge - integration for PHPUnit with Symfony Components
php-symfony-process - execute commands in sub-processes
php-symfony-property-access - read from and write to an object or array
php-symfony-property-info - extract information about properties of PHP classes
php-symfony-proxy-manager-bridge - integration for ProxyManager with Symfony Components
php-symfony-routing - associate a request with code that generates a response
php-symfony-security - infrastructure for sophisticated authorization systems
php-symfony-security-bundle - configurable security system for the Symfony framework
php-symfony-security-core - infrastructure for authorization systems - common features
php-symfony-security-csrf - infrastructure for authorization systems - CSRF protection
php-symfony-security-guard - infrastructure for authorization systems - Guard features
php-symfony-security-http - infrastructure for authorization systems - HTTP integration
php-symfony-serializer - convert PHP objects into specific formats and vice versa
php-symfony-stopwatch - profile PHP code
php-symfony-swiftmailer-bridge - integration for Swift Mailer with Symfony Components
php-symfony-templating - tools needed to build a template system
php-symfony-translation - tools to internationalize an application
php-symfony-twig-bridge - integration for Twig with Symfony Components
php-symfony-twig-bundle - configurable integration of Twig with the Symfony framework
php-symfony-validator - tools to validate classes
php-symfony-var-dumper -
php-symfony-web-profiler-bundle - collect requests information for analysis and debugging
php-symfony-yaml - convert YAML to PHP arrays and the other way around
Changes:
symfony (2.8.7+dfsg-1.3+deb9u1) stretch-security; urgency=medium
.
* Use gbp pq to handle patches introduced in NMU
* Cherry-pick upstream commits to fix security issues
- [Security] Validate redirect targets using the session cookie domain
[CVE-2017-16652]
- [Security] Namespace generated CSRF tokens depending of the current
scheme [CVE-2017-16653]
- prevent bundle readers from breaking out of paths [CVE-2017-16654]
- [Form][DX] FileType "multiple" fixes
- ensure that submitted data are uploaded files [CVE-2017-16790]
- Adding session strategy to ALL listeners to avoid *any* possible
fixation [CVE-2018-11385]
- Adding session authentication strategy to Guard to avoid session
fixation [CVE-2018-11385]
- [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL
is in loose mode [CVE-2018-11386]
- [Security] Fix logout
- do not mock the session in token storage tests
- clear CSRF tokens when the user is logged out [CVE-2018-11406]
- [Ldap] cast to string when checking empty passwords [CVE-2016-2403]
- [SecurityBundle] Fail if security.http_utils cannot be configured
[CVE-2018-11408]
Checksums-Sha1:
aeb473a0143e7b875d48ff56eed2f98ed125625f 6301 symfony_2.8.7+dfsg-1.3+deb9u1.dsc
966375f37bfe8f7866a5eb3727c630f92a45620d 3923472 symfony_2.8.7+dfsg.orig.tar.gz
a54e0e52857d9b6331ab4b305ca9dca8f58a4753 54404 symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz
Checksums-Sha256:
135c6f757c546a916c34b8e13956eace401d7828077a85eedcd4e3442f022b5d 6301 symfony_2.8.7+dfsg-1.3+deb9u1.dsc
f2210726f29a03f754dc5fafbdaa2f88169bda5c5303db8cf05237d525071652 3923472 symfony_2.8.7+dfsg.orig.tar.gz
69e5b1a2de6ba62a9e77c244089b34c514fa9e1fa53cd911d163ebed54d03237 54404 symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz
Files:
0cc3466b13b0422a6f522875d7c2cb72 6301 php optional symfony_2.8.7+dfsg-1.3+deb9u1.dsc
d7bf966f909cb6146ec48d31b05f6032 3923472 php optional symfony_2.8.7+dfsg.orig.tar.gz
60be3de8dbe539ddf68e39012ce7d978 54404 php optional symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAltf89MACgkQBYwc+UT2
vTyplAf7BtKdFOH2b6zzetYR+TIomFm+qLLhNVVcULsQaJbnxjIBAUj8S81Fp7GX
sms4ylngbThOgnWhERnHGFyeuZ5DEUcmaMNgAVtSNO05ap/yAwSEVMTOW9clA5+z
Qc0L5kGRQ5p6MxtulzP43QFDnoi6oESG/l4cystDMmx4UxiNeAccMZgn+L/fKUoy
5x/cQKFYuNwTpS+5CZ4Titn+JSLFX+6muTZoPgcwJ7Xf/XsIzyxEgi0viOKMKLkB
5ne7JdtemwB8J4c3Txoht0WT87FWFIz1bG2QmbOV3lEuwSy8vbIfZJGEO2T+1aUn
Hwxb+nj+ty0umnsjpi/eA82JIK++Gw==
=w+ln
-----END PGP SIGNATURE-----
Thank you for your contribution to Debian.
More information about the pkg-php-pear
mailing list