Bug 327973

Summary: <dev-php5/symfony-1.4.8: Directory Traversal vulnerability
Product: Gentoo Security
Reporter: Matti Bickel (RETIRED) <mabi>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: jamie-lists
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: C3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 340077
Bug Blocks:

Description Matti Bickel (RETIRED) gentoo-dev 2010-07-12 18:13:26 UTC
Hi, I just got alerted to this blog post:
http://www.symfony-project.org/blog/2010/06/29/security-release-symfony-1-3-6-and-1-4-6

I'm not aware of a CVE yet.

I've added upstream's new release, courtesy Jamie, our proxy maintainer.

I am not yet familiar enough with the package, so I'm not sure of the impact. The ability to store files in a directory might or might not result in a Denial of Service. I'm not sure if this is an Information Leak, as with other forms of Directory Traversal.

Rating could be C4. I'd also kindly ask for security to call arches for a direct stable bump after assessing the situation.

Comment 1 Matti Bickel (RETIRED) gentoo-dev 2010-07-12 18:20:57 UTC
CC:ing proxy maintainer so he's aware of the bug

Comment 2 Jamie Learmonth 2010-10-15 16:01:15 UTC
This package is now stable in the tree, can sec team close?

Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-10-23 14:16:03 UTC
GLSA vote: NO

Comment 4 Tim Sammut (RETIRED) gentoo-dev 2010-11-18 20:31:49 UTC
GLSA vote: No too; closing noglsa.