[pkg-php-pear] symfony_2.8.7+dfsg-1.3+deb9u1_source.changes ACCEPTED into proposed-updates->stable-new

Debian FTP Masters ftpmaster at ftp-master.debian.org
Fri Aug 3 17:34:50 BST 2018


Mapping stable-security to proposed-updates.

Accepted:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 25 Jul 2018 15:22:39 +0800
Source: symfony
Binary: php-symfony php-symfony-asset php-symfony-browser-kit php-symfony-class-loader php-symfony-config php-symfony-console php-symfony-css-selector php-symfony-debug php-symfony-dependency-injection php-symfony-dom-crawler php-symfony-event-dispatcher php-symfony-expression-language php-symfony-filesystem php-symfony-finder php-symfony-form php-symfony-http-foundation php-symfony-http-kernel php-symfony-intl php-symfony-ldap php-symfony-locale php-symfony-options-resolver php-symfony-process php-symfony-property-access php-symfony-property-info php-symfony-routing php-symfony-security php-symfony-security-core php-symfony-security-csrf php-symfony-security-guard php-symfony-security-http php-symfony-serializer php-symfony-stopwatch php-symfony-templating php-symfony-translation php-symfony-validator php-symfony-var-dumper php-symfony-yaml php-symfony-doctrine-bridge php-symfony-monolog-bridge php-symfony-phpunit-bridge php-symfony-proxy-manager-bridge
 php-symfony-swiftmailer-bridge php-symfony-twig-bridge php-symfony-debug-bundle php-symfony-framework-bundle php-symfony-security-bundle php-symfony-twig-bundle
 php-symfony-web-profiler-bundle
Architecture: source
Version: 2.8.7+dfsg-1.3+deb9u1
Distribution: stretch-security
Urgency: medium
Maintainer: Debian PHP PEAR Maintainers <pkg-php-pear at lists.alioth.debian.org>
Changed-By: David Prévot <taffit at debian.org>
Description:
 php-symfony - set of reusable components and framework for web projects
 php-symfony-asset - manage asset URLs
 php-symfony-browser-kit - simulate the behavior of a web browser
 php-symfony-class-loader - load PHP classes automatically
 php-symfony-config - load configurations from different data sources
 php-symfony-console - run tasks from the command line
 php-symfony-css-selector - convert CSS selectors to XPath expressions
 php-symfony-debug - tools to make debugging of PHP code easier
 php-symfony-debug-bundle - debugging tools for the Symfony framework
 php-symfony-dependency-injection - standardize and centralize construction of objects
 php-symfony-doctrine-bridge - integration for Doctrine with Symfony Components
 php-symfony-dom-crawler - ease DOM navigation for HTML and XML documents
 php-symfony-event-dispatcher - dispatch events and listen to them
 php-symfony-expression-language - compile and evaluate expressions
 php-symfony-filesystem - basic filesystem utilities
 php-symfony-finder - find files and directories
 php-symfony-form - create HTML forms and process request data
 php-symfony-framework-bundle - basic, robust and flexible MVC framework
 php-symfony-http-foundation - object-oriented layer for the HTTP specification
 php-symfony-http-kernel - building blocks for flexible and fast HTTP-based frameworks
 php-symfony-intl - limited replacement layer for the PHP extension intl
 php-symfony-ldap - abstraction layer for the PHP LDAP module
 php-symfony-locale - deprecated replacement layer for the PHP extension intl
 php-symfony-monolog-bridge - integration for Monolog with Symfony Components
 php-symfony-options-resolver - configure objects with option arrays
 php-symfony-phpunit-bridge - integration for PHPUnit with Symfony Components
 php-symfony-process - execute commands in sub-processes
 php-symfony-property-access - read from and write to an object or array
 php-symfony-property-info - extract information about properties of PHP classes
 php-symfony-proxy-manager-bridge - integration for ProxyManager with Symfony Components
 php-symfony-routing - associate a request with code that generates a response
 php-symfony-security - infrastructure for sophisticated authorization systems
 php-symfony-security-bundle - configurable security system for the Symfony framework
 php-symfony-security-core - infrastructure for authorization systems - common features
 php-symfony-security-csrf - infrastructure for authorization systems - CSRF protection
 php-symfony-security-guard - infrastructure for authorization systems - Guard features
 php-symfony-security-http - infrastructure for authorization systems - HTTP integration
 php-symfony-serializer - convert PHP objects into specific formats and vice versa
 php-symfony-stopwatch - profile PHP code
 php-symfony-swiftmailer-bridge - integration for Swift Mailer with Symfony Components
 php-symfony-templating - tools needed to build a template system
 php-symfony-translation - tools to internationalize an application
 php-symfony-twig-bridge - integration for Twig with Symfony Components
 php-symfony-twig-bundle - configurable integration of Twig with the Symfony framework
 php-symfony-validator - tools to validate classes
 php-symfony-var-dumper -
 php-symfony-web-profiler-bundle - collect requests information for analysis and debugging
 php-symfony-yaml - convert YAML to PHP arrays and the other way around
Changes:
 symfony (2.8.7+dfsg-1.3+deb9u1) stretch-security; urgency=medium
 .
   * Use gbp pq to handle patches introduced in NMU
   * Cherry-pick upstream commits to fix security issues
     - [Security] Validate redirect targets using the session cookie domain
       [CVE-2017-16652]
     - [Security] Namespace generated CSRF tokens depending of the current
       scheme [CVE-2017-16653]
     - prevent bundle readers from breaking out of paths [CVE-2017-16654]
     - [Form][DX] FileType "multiple" fixes
     - ensure that submitted data are uploaded files [CVE-2017-16790]
     - Adding session strategy to ALL listeners to avoid *any* possible
       fixation [CVE-2018-11385]
     - Adding session authentication strategy to Guard to avoid session
       fixation [CVE-2018-11385]
     - [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL
       is in loose mode [CVE-2018-11386]
     - [Security] Fix logout
     - do not mock the session in token storage tests
     - clear CSRF tokens when the user is logged out [CVE-2018-11406]
     - [Ldap] cast to string when checking empty passwords [CVE-2016-2403]
     - [SecurityBundle] Fail if security.http_utils cannot be configured
       [CVE-2018-11408]
Checksums-Sha1:
 aeb473a0143e7b875d48ff56eed2f98ed125625f 6301 symfony_2.8.7+dfsg-1.3+deb9u1.dsc
 966375f37bfe8f7866a5eb3727c630f92a45620d 3923472 symfony_2.8.7+dfsg.orig.tar.gz
 a54e0e52857d9b6331ab4b305ca9dca8f58a4753 54404 symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz
Checksums-Sha256:
 135c6f757c546a916c34b8e13956eace401d7828077a85eedcd4e3442f022b5d 6301 symfony_2.8.7+dfsg-1.3+deb9u1.dsc
 f2210726f29a03f754dc5fafbdaa2f88169bda5c5303db8cf05237d525071652 3923472 symfony_2.8.7+dfsg.orig.tar.gz
 69e5b1a2de6ba62a9e77c244089b34c514fa9e1fa53cd911d163ebed54d03237 54404 symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz
Files:
 0cc3466b13b0422a6f522875d7c2cb72 6301 php optional symfony_2.8.7+dfsg-1.3+deb9u1.dsc
 d7bf966f909cb6146ec48d31b05f6032 3923472 php optional symfony_2.8.7+dfsg.orig.tar.gz
 60be3de8dbe539ddf68e39012ce7d978 54404 php optional symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAltf89MACgkQBYwc+UT2
vTyplAf7BtKdFOH2b6zzetYR+TIomFm+qLLhNVVcULsQaJbnxjIBAUj8S81Fp7GX
sms4ylngbThOgnWhERnHGFyeuZ5DEUcmaMNgAVtSNO05ap/yAwSEVMTOW9clA5+z
Qc0L5kGRQ5p6MxtulzP43QFDnoi6oESG/l4cystDMmx4UxiNeAccMZgn+L/fKUoy
5x/cQKFYuNwTpS+5CZ4Titn+JSLFX+6muTZoPgcwJ7Xf/XsIzyxEgi0viOKMKLkB
5ne7JdtemwB8J4c3Txoht0WT87FWFIz1bG2QmbOV3lEuwSy8vbIfZJGEO2T+1aUn
Hwxb+nj+ty0umnsjpi/eA82JIK++Gw==
=w+ln
-----END PGP SIGNATURE-----


Thank you for your contribution to Debian.



More information about the pkg-php-pear mailing list