+++ This bug was initially created as a clone of Bug #407427 +++
1.4.18 is out: http://symfony.com/blog/security-release-symfony-1-4-18-released
No changes in the ebuild code should be necessary. Contains only security/bugfixes.
This is good to bump with a simple version bump. https://raw.github.com/jamiel/gentoo-overlay/master/dev-php/symfony/symfony-1.4.18.ebuild
This is a security issue, so it should be handled by security@.
+*symfony-1.4.18 (02 Jun 2012) + + 02 Jun 2012; Pawel Hajdan jr +symfony-1.4.18.ebuild: + Version bump wrt security bug #418427. Ebuild in tree, OK to stabilize?
CVE-2012-2667 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2667): Session fixation vulnerability in lib/user/sfBasicSecurityUser.class.php in SensioLabs Symfony before 1.4.18 allows remote attackers to hijack web sessions via vectors related to the regenerate method and unspecified "database backed session classes."
Vulnerable version removed. Please vote.
Thanks, folks. GLSA Vote: no.
Please do not close security bugs. GLSA vote: no. Leaving resolved, moving to noglsa.