Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 250961 - <dev-php5/symfony-1.2.6 Improper protection of extra fields in new admin generator
Summary: <dev-php5/symfony-1.2.6 Improper protection of extra fields in new admin gene...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://www.symfony-project.org/blog/2...
Whiteboard: ~4 [noglsa]
Keywords:
: 268283 (view as bug list)
Depends on: 311633
Blocks:
  Show dependency tree
 
Reported: 2008-12-14 18:49 UTC by Matt Courtney
Modified: 2010-04-17 18:49 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
ebuild (symfony-1.2.1.ebuild,606 bytes, text/plain)
2008-12-14 18:50 UTC, Matt Courtney
no flags Details
/usr/local/portage/dev-php5/symfony/symfony-1.2.2.ebuild (symfony-1.2.2.ebuild,705 bytes, text/plain)
2009-01-11 10:01 UTC, Jamie Learmonth
no flags Details
symfony-1.2.3.ebuild (symfony-1.2.3.ebuild,705 bytes, text/plain)
2009-02-01 10:27 UTC, Jamie Learmonth
no flags Details
/usr/local/portage/dev-php5/symfony/symfony-1.2.4.ebuild (symfony-1.2.4.ebuild,705 bytes, text/plain)
2009-02-07 17:08 UTC, Jamie Learmonth
no flags Details
/usr/local/portage/dev-php5/symfony/symfony-1.2.5.ebuild (symfony-1.2.5.ebuild,705 bytes, text/plain)
2009-04-23 09:52 UTC, Jamie Learmonth
no flags Details
/usr/local/portage/dev-php5/symfony/symfony-1.2.6.ebuild (symfony-1.2.6.ebuild,705 bytes, text/plain)
2009-05-02 09:58 UTC, Jamie Learmonth
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Matt Courtney 2008-12-14 18:49:41 UTC
Symfony 1.2.1 has been released, ebuild attached
Comment 1 Matt Courtney 2008-12-14 18:50:07 UTC
Created attachment 175267 [details]
ebuild
Comment 2 Jamie Learmonth 2009-01-11 10:01:27 UTC
Created attachment 178018 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.2.ebuild

Symgony 1.2.2 - Tested and stable on x86
Comment 3 Jamie Learmonth 2009-02-01 10:27:09 UTC
Created attachment 180520 [details]
symfony-1.2.3.ebuild

Bump to 1.2.3 . Another bugfix release to 1.2.X branch. Tested and stable x86.
Comment 4 Jamie Learmonth 2009-02-07 17:08:31 UTC
Created attachment 181275 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.4.ebuild

Two regressions were found in 1.2.3, so upstream has quickly released 1.2.4. Tested on x86
Comment 5 Jamie Learmonth 2009-04-23 09:52:12 UTC
Created attachment 189221 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.5.ebuild

Bump to 1.2.5
Comment 6 Jamie Learmonth 2009-05-02 09:58:30 UTC
Created attachment 190108 [details]
/usr/local/portage/dev-php5/symfony/symfony-1.2.6.ebuild

=Security bump 1.2.6
Comment 7 Jamie Learmonth 2009-05-02 10:01:20 UTC
Small security issue has been found in the 1.2 branch of the symfony framework project.

Reference: http://www.symfony-project.org/blog/2009/04/27/symfony-1-2-6-security-fix

Bump to attached 1.2.6 required
Comment 8 Alex Legler (RETIRED) archtester gentoo-dev Security 2009-05-02 12:07:00 UTC
*** Bug 268283 has been marked as a duplicate of this bug. ***
Comment 9 Robert Buchholz (RETIRED) gentoo-dev 2009-07-15 16:14:08 UTC
web-apps, please bump
Comment 10 Ben de Groot (RETIRED) gentoo-dev 2010-03-06 14:47:06 UTC
Vulnerable versions removed. But 1.4.3 is still masked for testing.
Comment 11 Ben de Groot (RETIRED) gentoo-dev 2010-04-11 00:55:24 UTC
Arches, please mark dev-php5/symfony-1.4.3 stable.
Comment 12 Andreas Schürch gentoo-dev 2010-04-11 11:46:24 UTC
Tests passed on x86, looks good afaics.
Comment 13 Christian Faulhammer (RETIRED) gentoo-dev 2010-04-12 11:58:17 UTC
Needs newer PEAR.
Comment 14 Christian Faulhammer (RETIRED) gentoo-dev 2010-04-12 12:35:45 UTC
stable x86, thank you, Andreas and Jamie, for testing
Comment 15 Markus Meier gentoo-dev 2010-04-15 21:51:02 UTC
amd64 stable, all arches done.
Comment 16 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-04-17 18:49:41 UTC
The vulnerable package never was stable.