[SECURITY] Fedora 20 Update: php-symfony-2.5.12-1.fc20

updates at fedoraproject.org updates at fedoraproject.org
Fri Jun 5 23:49:57 UTC 2015


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-9025
2015-05-28 06:14:15
--------------------------------------------------------------------------------

Name        : php-symfony
Product     : Fedora 20
Version     : 2.5.12
Release     : 1.fc20
URL         : http://symfony.com
Summary     : PHP framework for web projects
Description :
PHP framework for web projects

--------------------------------------------------------------------------------
Update Information:

**2.5.12** (2015-05-27)
* security #14759 CVE-2015-4050 [HttpKernel] Do not call the FragmentListener if _controller is already defined (jakzal)

--------------------------------------------------------------------------------
ChangeLog:

* Wed May 27 2015 Remi Collet <remi at fedoraproject.org> - 2.5.12-1
- Update to 2.5.12
- security fix for CVE-2015-4050
* Thu Apr  2 2015 Remi Collet <remi at fedoraproject.org> - 2.5.11-1
- Update to 2.5.11
- security fix for CVE-2015-2308 and CVE-2015-2309
* Wed Mar 18 2015 Remi Collet <remi at fedoraproject.org> - 2.5.10-1
- Update to 2.5.10
* Mon Dec 15 2014 Remi Collet <remi at fedoraproject.org> - 2.5.8-1
- Update to 2.5.8
* Thu Nov 20 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.7-1
- Updated to 2.5.7 (BZ #1166396)
- Added php-composer(egulias/email-validator) dependency
* Sun Nov  2 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.6-2
- Exclude "intl-data" test group instead of removing test files
* Sun Nov  2 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.6-1
- Updated to 2.5.6 (BZ #1157502)
- "php-twig-Twig" dependency updated to "php-composer(twig/twig)"
- Obsoleted php-symfony-icu (data now in intl component)
* Mon Sep 29 2014 Remi Collet <remi at fedoraproject.org> - 2.5.5-1
- update to 2.5.5
- hack PHPUnit autoloader to not use old system symfony
- don't skip any Yaml test
* Wed Sep  3 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.4-1
- Updated to 2.5.4 (CVE-2014-6072, CVE-2014-5245, CVE-2014-4931, CVE-2014-6061,
  CVE-2014-5244, BZ #1138285)
- Removed test files from PropertyAccess and Stopwatch components
- Updated skipped tests
* Tue Aug 12 2014 Remi Collet <remi at fedoraproject.org> - 2.5.3-1
- update to 2.5.3
- fix test bootstrap for PHPUnit 4.2
* Sat Jul 19 2014 Remi Collet <remi at fedoraproject.org> - 2.5.2-2
- fix license handling
* Fri Jul 18 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.5.2-1
- Updated to 2.5.2 (BZ #1100720)
- Added php-composer() virtual provides
- Updated most dependencies to use available php-composer virtual provides
- php-password-compat conditional changed from "0%{?el6}%{?el7}" to
  ""%{php_version}" < "5.5""
* Sat Jun  7 2014 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.4.4-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Wed Apr 30 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.4.4-1
- Updated to 2.4.4 (BZ #1038134)
- Updated Doctrine dependencies
- Sub-pkg phpcompatinfo without Tests directory since they are not pkged
* Mon Feb 17 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.4.2-1
- Updated to 2.4.2 (BZ #1038134)
- Re-enabled tests
- Added expressionlanguage component sub-pkg
- Added provides for security component composer sub-pkgs
* Mon Jan 13 2014 Remi Collet <remi at fedoraproject.org> - 2.3.9-0
- EPEL-7 bootstrap build
* Sun Jan  5 2014 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.3.9-1
- Updated to 2.3.9 (BZ #1038134)
- Conditional %{?dist}
- Minor bash cosmetic changes
- Skip additional test relying on external resources
- Skip additional el6 test
* Wed Dec 18 2013 Shawn Iwinski <shawn.iwinski at gmail.com> - 2.3.8-1
- Updated to 2.3.8 (BZ #1038134)
- Temporarily skip test known to fail on Fedora > 20
* Sat Dec 14 2013 Remi Collet <remi at fedoraproject.org> - 2.3.7-4
- fix PEAR compatibility: add missing "autoloader.php"
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1227264 - CVE-2015-4050 php-symfony: ESI unauthorized access
        https://bugzilla.redhat.com/show_bug.cgi?id=1227264
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use
su -c 'yum update php-symfony' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list