Bug 444922 - dev-php/symfony : Arbitrary File Disclosure Vulnerability
Summary: dev-php/symfony : Arbitrary File Disclosure Vulnerability
Status: RESOLVED DUPLICATE of bug 444696
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-11-27 12:18 UTC by Agostino Sarubbo
Modified: 2012-11-27 12:22 UTC

See Also:
Package list:
Runtime testing required: ---


Description Agostino Sarubbo gentoo-dev 2012-11-27 12:18:15 UTC
From https://secunia.com/advisories/51372/ :

Description
A vulnerability has been reported in Symfony, which can be exploited by malicious people to 
disclose certain sensitive information.

Certain unspecified input is not properly verified before being used to read files. This can be 
exploited to disclose the content of arbitrary files via a specially crafted upload request.

Successful exploitation requires that a form containing a file upload field is used.

The vulnerability is reported in versions prior to 1.4.20.


Solution
Update to version 1.4.20.
Comment 1 Sean Amoss (RETIRED) gentoo-dev Security 2012-11-27 12:22:20 UTC

*** This bug has been marked as a duplicate of bug 444696 ***