Fedora EPEL 6 Update: php-brumann-polyfill-unserialize-1.0.3-1.el6 - epel-package-announce - Fedora mailing-lists

3 Jul 2019


      --------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2019-e514dd8ee0
2019-07-03 03:12:07.219729
--------------------------------------------------------------------------------
Name        : php-brumann-polyfill-unserialize
Product     : Fedora EPEL 6
Version     : 1.0.3
Release     : 1.el6
URL         : https://github.com/dbrumann/polyfill-unserialize
Summary     : Backports unserialize options introduced in PHP 7.0
Description :
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This
was originally designed as a Proof of Concept for Symfony Issue
[#21090](https://github.com/symfony/symfony/pull/21090).
You can use this package in projects that rely on PHP versions older than PHP
7.0. In case you are using PHP 7.0+ the original unserialize() will be used
instead.
From the
[documentation](https://secure.php.net/manual/en/function.unserialize.php):
...
Warning: Do not pass untrusted user input to unserialize(). Unserialization
can result in code being loaded and executed due to object instantiation and
autoloading, and a malicious user may be able to exploit this.
This warning holds true even when `allowed_classes` is used.
Autoloader: /usr/share/php/Brumann/Polyfill/autoload.php
--------------------------------------------------------------------------------
Update Information:
Backports unserialize options introduced in PHP 7.0 to older PHP versions. This
was originally designed as a Proof of Concept for Symfony Issue
[#21090](https://github.com/symfony/symfony/pull/21090).  You can use this
package in projects that rely on PHP versions older than PHP 7.0. In case you
are using PHP 7.0+ the original unserialize() will be used instead.  From the
[documentation](https://secure.php.net/manual/en/function.unserialize.php):  >
Warning: Do not pass untrusted user input to unserialize(). Unserialization >
can result in code being loaded and executed due to object instantiation and >
autoloading, and a malicious user may be able to exploit this.  This warning
holds true even when `allowed_classes` is used.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1707960 - Review Request: php-brumann-polyfill-unserialize - Backports unserialize options introduced in PHP 7.0
        https://bugzilla.redhat.com/show_bug.cgi?id=1707960
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs.  Use
su -c 'yum update php-brumann-polyfill-unserialize' at the command line.
For more information, refer to "YUM", available at
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7%5C
/html/System_Administrators_Guide/ch-yum.html
All packages are signed with the Fedora EPEL GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------