[SECURITY] Fedora 23 Update: php-twig-1.20.0-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13463
2015-08-27 17:56:49.070275
--------------------------------------------------------------------------------
Name : php-twig
Product : Fedora 23
Version : 1.20.0
Release : 1.fc23
URL : http://twig.sensiolabs.org
Summary : The flexible, fast, and secure template engine for PHP
Description :
The flexible, fast, and secure template engine for PHP.
* Fast: Twig compiles templates down to plain optimized PHP code. The
overhead compared to regular PHP code was reduced to the very minimum.
* Secure: Twig has a sandbox mode to evaluate untrusted template code. This
allows Twig to be used as a template language for applications where users
may modify the template design.
* Flexible: Twig is powered by a flexible lexer and parser. This allows
developers to define their own custom tags and filters, and create their own
DSL.
--------------------------------------------------------------------------------
Update Information:
## 1.20.0 (2015-08-12)
* forbid access to the Twig environment from templates and internal parts of Twig_Template
* fixed limited RCEs when in sandbox mode
* deprecated Twig_Template::getEnvironment()
* deprecated the _self variable for usage outside of the from and import tags
* added Twig_BaseNodeVisitor to ease the compatibility of node visitors between 1.x and 2.x

## 1.19.0 (2015-07-31)
* fixed wrong error message when including an undefined template in a child template
* added support for variadic filters, functions, and tests
* added support for extra positional arguments in macros
* added ignore_missing flag to the source function
* fixed batch filter with zero items
* deprecated Twig_Environment::clearTemplateCache()
* fixed sandbox disabling when using the include function
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1249259 - php-twig-v1.20.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1249259
[ 2 ] Bug #1255796 - php-twig: Remote code execution via Twig templates [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1255796
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-twig' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
Fedora 22 Update: osmpbf-1.3.3-7.20150712git17fd0cc.fc22
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13577
2015-08-27 17:52:04.306602
--------------------------------------------------------------------------------
Name : osmpbf
Product : Fedora 22
Version : 1.3.3
Release : 7.20150712git17fd0cc.fc22
URL : https://github.com/scrosby/OSM-binary
Summary : C library to read and write OpenStreetMap PBF files
Description :
Osmpbf is a Java/C library to read and write OpenStreetMap PBF files.
PBF (Protocol buffer Binary Format) is a binary file format for OpenStreetMap
data that uses Google Protocol Buffers as low-level storage.
--------------------------------------------------------------------------------
Update Information:
Package the Java library
osmpbf-1.3.3-7.20150712git17fd0cc.fc23
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253965 - Build Java library
https://bugzilla.redhat.com/show_bug.cgi?id=1253965
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update osmpbf' at the command line.
--------------------------------------------------------------------------------
Fedora 23 Update: php-Monolog-1.16.0-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13487
2015-08-27 17:56:49.070248
--------------------------------------------------------------------------------
Name : php-Monolog
Product : Fedora 23
Version : 1.16.0
Release : 1.fc23
URL : https://github.com/Seldaek/monolog
Summary : Sends your logs to files, sockets, inboxes, databases and various web services
Description :
Monolog sends your logs to files, sockets, inboxes, databases and various web
services. Special handlers allow you to build advanced logging strategies.
This library implements the PSR-3 [1] interface that you can type-hint against
in your own libraries to keep a maximum of interoperability. You can also use it
in your applications to make sure you can always use another compatible logger
at a later time.
Optional:
* php-aws-sdk (>= 2.8.13, < 3.0)
Allow sending log messages to AWS services like DynamoDB
* php-pecl-amqp
Allow sending log messages to an AMQP server (1.0+ required)
* php-pecl-mongo
Allow sending log messages to a MongoDB server
* php-Raven (>= 0.12.0, < 1.0)
Allow sending log messages to a Sentry server
* php-swift-Swift
Allow sending log messages through Swiftmailer
* https://github.com/doctrine/couchdb-client
Allow sending log messages to a CouchDB server
* https://github.com/Graylog2/gelf-php
Allow sending log messages to a GrayLog2 server
* https://docs.newrelic.com/docs/php/new-relic-for-php
Allow sending log messages to a New Relic application
* https://github.com/phpconsole/phpconsole
Allow sending log messages to Google Chrome
* https://github.com/rollbar/rollbar-php
Allow sending log messages to Rollbar
* https://github.com/ruflin/Elastica
Allow sending log messages to an Elastic Search server
* https://github.com/videlalvaro/php-amqplib
Allow sending log messages to an AMQP server using php-amqplib
[1] http://www.php-fig.org/psr/psr-3/
--------------------------------------------------------------------------------
Update Information:
### 1.16.0 (2015-08-09)
* Added IFTTTHandler to notify ifttt.com triggers
* Added Logger::setHandlers() to allow setting/replacing all handlers
* Added $capSize in RedisHandler to cap the log size
* Fixed StreamHandler creation of directory to only trigger when the first log write happens
* Fixed bug in the handling of curl failures
* Fixed duplicate logging of fatal errors when both error and fatal error handlers are registered in monolog's ErrorHandler
* Fixed missing fatal errors records with handlers that need to be closed to flush log records
* Fixed TagProcessor::addTags support for associative arrays
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1251783 - php-Monolog-1.16.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1251783
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-Monolog' at the command line.
--------------------------------------------------------------------------------
Fedora 22 Update: python-setproctitle-1.1.9-1.fc22
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13565
2015-08-27 17:52:04.306560
--------------------------------------------------------------------------------
Name : python-setproctitle
Product : Fedora 22
Version : 1.1.9
Release : 1.fc22
URL : http://pypi.python.org/pypi/setproctitle
Summary : Python module to customize a process title
Description :
Python module allowing a process to change its title as displayed by
system tools such as ps and top.
It's useful in multiprocess systems, allowing to identify tasks each forked
process is busy with. This technique has been used by PostgreSQL and OpenSSH.
It's based on PostgreSQL implementation which has proven to be portable.
--------------------------------------------------------------------------------
Update Information:
Upstream 1.1.9
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update python-setproctitle' at the command line.
--------------------------------------------------------------------------------
Fedora 23 Update: php-zendframework-zend-diactoros-1.1.3-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13510
2015-08-27 17:56:49.070218
--------------------------------------------------------------------------------
Name : php-zendframework-zend-diactoros
Product : Fedora 23
Version : 1.1.3
Release : 1.fc23
URL : https://github.com/zendframework/zend-diactoros
Summary : PSR HTTP Message implementations
Description :
A PHP package containing implementations of the accepted PSR-7 HTTP message
interfaces [1], as well as a "server" implementation similar to node's
http.Server [2].
[1] http://www.php-fig.org/psr/psr-7/
[2] http://nodejs.org/api/http.html
--------------------------------------------------------------------------------
Update Information:
## 1.1.3 - 2015-08-10
### Added
- Nothing.
### Deprecated
- Nothing.
### Removed
- Nothing.
### Fixed
- [#71](https://github.com/zendframework/zend-diactoros/pull/71) fixes the docblock of the `JsonResponse` constructor to typehint the `$data` argument as `mixed`.
- [#73](https://github.com/zendframework/zend-diactoros/pull/73) changes the behavior in `Request` such that if it marshals a stream during instantiation, the stream is marked as writeable (specifically, mode `wb+`).
- [#85](https://github.com/zendframework/zend-diactoros/pull/85) updates the behavior of `Zend\Diactoros\Uri`'s various `with*()` methods that are documented as accepting strings to raise exceptions on non-string input. Previously, several simply passed non-string input on verbatim, others normalized the input, and a few correctly raised the exceptions. Behavior is now consistent across each.
- [#87](https://github.com/zendframework/zend-diactoros/pull/87) fixes `UploadedFile` to ensure that `moveTo()` works correctly in non-SAPI environments when the file provided to the constructor is a path.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1252195 - php-zendframework-zend-diactoros-1.1.3 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1252195
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-zendframework-zend-diactoros' at the command line.
--------------------------------------------------------------------------------
Fedora 22 Update: php-guzzlehttp-promises-1.0.2-1.fc22
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13598
2015-08-27 17:52:04.306529
--------------------------------------------------------------------------------
Name : php-guzzlehttp-promises
Product : Fedora 22
Version : 1.0.2
Release : 1.fc22
URL : https://github.com/guzzle/promises
Summary : Guzzle promises library
Description :
Promises/A+ [1] implementation that handles promise chaining and resolution
interactively, allowing for "infinite" promise chaining while keeping the
stack size constant.
[1] https://promisesaplus.com/
--------------------------------------------------------------------------------
Update Information:
## 1.0.2 - 2015-05-15
* Conditionally require functions.php.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253996 - php-guzzlehttp-promises-1.0.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1253996
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-guzzlehttp-promises' at the command line.
--------------------------------------------------------------------------------
Fedora 23 Update: gnupg2-2.1.7-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13464
2015-08-27 17:56:49.070191
--------------------------------------------------------------------------------
Name : gnupg2
Product : Fedora 23
Version : 2.1.7
Release : 1.fc23
URL : http://www.gnupg.org/
Summary : Utility for secure communication and data storage
Description :
GnuPG is GNU's tool for secure communication and data storage. It can
be used to encrypt data and to create digital signatures. It includes
an advanced key management facility and is compliant with the proposed
OpenPGP Internet standard as described in RFC2440 and the S/MIME
standard as described by several RFCs.
GnuPG 2.0 is a newer version of GnuPG with additional support for
S/MIME. It has a different design philosophy that splits
functionality up into several modules. The S/MIME and smartcard functionality
is provided by the gnupg2-smime package.
--------------------------------------------------------------------------------
Update Information:
Minor update from upstream fixing some problems with upgrades from older gnupg2
versions and other minor bugs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1242652 - gpg2 hang when encrypting to a sign-only key (?)
https://bugzilla.redhat.com/show_bug.cgi?id=1242652
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update gnupg2' at the command line.
--------------------------------------------------------------------------------
Fedora 22 Update: php-guzzlehttp-psr7-1.2.0-1.fc22
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13599
2015-08-27 17:52:04.306486
--------------------------------------------------------------------------------
Name : php-guzzlehttp-psr7
Product : Fedora 22
Version : 1.2.0
Release : 1.fc22
URL : https://github.com/guzzle/psr7
Summary : PSR-7 message implementation
Description :
PSR-7 message implementation, several stream decorators, and some helpful
functionality like query string parsing.
--------------------------------------------------------------------------------
Update Information:
## 1.2.0 - 2015-08-15
* Body as `"0"` is now properly added to a response.
* Now allowing forward seeking in CachingStream.
* Now properly parsing HTTP requests that contain proxy targets in `parse_request`.
* functions.php is now conditionally required.
* user-info is no longer dropped when resolving URIs.
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1253997 - php-guzzlehttp-psr7-1.2.0 is available
https://bugzilla.redhat.com/show_bug.cgi?id=1253997
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update php-guzzlehttp-psr7' at the command line.
--------------------------------------------------------------------------------
Fedora 22 Update: mingw-gtk2-2.24.28-1.fc22
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13685
2015-08-27 17:52:04.306447
--------------------------------------------------------------------------------
Name : mingw-gtk2
Product : Fedora 22
Version : 2.24.28
Release : 1.fc22
URL : http://www.gtk.org
Summary : MinGW Windows Gtk2 library
Description :
MinGW Windows Gtk2 library.
--------------------------------------------------------------------------------
Update Information:
gtk+ 2.24.28 release. Bug fixes:
- 693738 gtk print dialog shows "Getting printer information failed"...
- 746064 "sticky" window state reported wrongly on X11
- 746269 Segfault in gtk_tree_view_move_cursor_page_up_down
- 748014 W32: Tilting mousewheel left/right does not scroll horizontally
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update mingw-gtk2' at the command line.
--------------------------------------------------------------------------------
Fedora 23 Update: pyOpenSSL-0.15.1-1.fc23
by updates@fedoraproject.org
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-13447
2015-08-27 17:56:49.070160
--------------------------------------------------------------------------------
Name : pyOpenSSL
Product : Fedora 23
Version : 0.15.1
Release : 1.fc23
URL : http://pyopenssl.sourceforge.net/
Summary : Python wrapper module around the OpenSSL library
Description :
High-level wrapper around a subset of the OpenSSL library, includes among others
* SSL.Connection objects, wrapping the methods of Python's portable
sockets
* Callbacks written in Python
* Extensive error-handling mechanism, mirroring OpenSSL's error codes
--------------------------------------------------------------------------------
Update Information:
Fixes problems with python3 compatibility.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update pyOpenSSL' at the command line.
--------------------------------------------------------------------------------