Bug 250961

Summary: <dev-php5/symfony-1.2.6 Improper protection of extra fields in new admin generator
Product: Gentoo Security
Reporter: Matt Courtney <matt>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: pchrist, web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.symfony-project.org/blog/2009/04/27/symfony-1-2-6-security-fix
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 311633    
Bug Blocks:    
Attachments:
Description | Flags
ebuild | none
/usr/local/portage/dev-php5/symfony/symfony-1.2.2.ebuild | none
symfony-1.2.3.ebuild | none
/usr/local/portage/dev-php5/symfony/symfony-1.2.4.ebuild | none
/usr/local/portage/dev-php5/symfony/symfony-1.2.5.ebuild | none
/usr/local/portage/dev-php5/symfony/symfony-1.2.6.ebuild | none

Description Matt Courtney 2008-12-14 18:49:41 UTC
Symfony 1.2.1 has been released, ebuild attached
Comment 1 Matt Courtney 2008-12-14 18:50:07 UTC
Created attachment 175267 [details]
ebuild
Comment 2 Jamie Learmonth 2009-01-11 10:01:27 UTC
Created attachment 178018 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.2.ebuild

Symfony 1.2.2 - Tested and stable on x86
Comment 3 Jamie Learmonth 2009-02-01 10:27:09 UTC
Created attachment 180520 [details]
symfony-1.2.3.ebuild

Bump to 1.2.3. Another bugfix release to 1.2.X branch. Tested and stable x86.
Comment 4 Jamie Learmonth 2009-02-07 17:08:31 UTC
Created attachment 181275 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.4.ebuild

Two regressions were found in 1.2.3, so upstream has quickly released 1.2.4. Tested on x86
Comment 5 Jamie Learmonth 2009-04-23 09:52:12 UTC
Created attachment 189221 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.5.ebuild

Bump to 1.2.5
Comment 6 Jamie Learmonth 2009-05-02 09:58:30 UTC
Created attachment 190108 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.6.ebuild

=Security bump 1.2.6
Comment 7 Jamie Learmonth 2009-05-02 10:01:20 UTC
A small security issue has been found in the 1.2 branch of the symfony framework project.

Reference: http://www.symfony-project.org/blog/2009/04/27/symfony-1-2-6-security-fix

Bump to attached 1.2.6 required
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-02 12:07:00 UTC
*** Bug 268283 has been marked as a duplicate of this bug. ***
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2009-07-15 16:14:08 UTC
web-apps, please bump
Comment 10 Ben de Groot (RETIRED) gentoo-dev 2010-03-06 14:47:06 UTC
Vulnerable versions removed. But 1.4.3 is still masked for testing.
Comment 11 Ben de Groot (RETIRED) gentoo-dev 2010-04-11 00:55:24 UTC
Arches, please mark dev-php5/symfony-1.4.3 stable.
Comment 12 Andreas Schürch gentoo-dev 2010-04-11 11:46:24 UTC
Tests passed on x86, looks good afaics.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2010-04-12 11:58:17 UTC
Needs newer PEAR.
Comment 14 Christian Faulhammer (RETIRED) gentoo-dev 2010-04-12 12:35:45 UTC
stable x86, thank you, Andreas and Jamie, for testing
Comment 15 Markus Meier gentoo-dev 2010-04-15 21:51:02 UTC
amd64 stable, all arches done.
Comment 16 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-17 18:49:41 UTC
The vulnerable package never was stable.