Summary: | <dev-php5/symfony-1.2.6 Improper protection of extra fields in new admin generator | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Matt Courtney <matt> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | trivial | CC: | pchrist, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.symfony-project.org/blog/2009/04/27/symfony-1-2-6-security-fix | ||
Whiteboard: | ~4 [noglsa] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 311633 | ||
Bug Blocks: | |||
Attachments: |
Description
Matt Courtney
2008-12-14 18:49:41 UTC
Created attachment 175267 [details]
ebuild
Created attachment 178018 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.2.ebuild
Symgony 1.2.2 - Tested and stable on x86
Created attachment 180520 [details]
symfony-1.2.3.ebuild
Bump to 1.2.3 . Another bugfix release to 1.2.X branch. Tested and stable x86.
Created attachment 181275 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.4.ebuild
Two regressions were found in 1.2.3, so upstream has quickly released 1.2.4. Tested on x86
Created attachment 189221 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.5.ebuild
Bump to 1.2.5
Created attachment 190108 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.6.ebuild
=Security bump 1.2.6
Small security issue has been found in the 1.2 branch of the symfony framework project. Reference: http://www.symfony-project.org/blog/2009/04/27/symfony-1-2-6-security-fix Bump to attached 1.2.6 required *** Bug 268283 has been marked as a duplicate of this bug. *** web-apps, please bump Vulnerable versions removed. But 1.4.3 is still masked for testing. Arches, please mark dev-php5/symfony-1.4.3 stable. Tests passed on x86, looks good afaics. Needs newer PEAR. stable x86, thank you, Andreas and Jamie, for testing amd64 stable, all arches done. The vulnerable package never was stable. |