-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Wed, 25 Jul 2018 15:22:39 +0800 Source: symfony Binary: php-symfony php-symfony-asset php-symfony-browser-kit php-symfony-class-loader php-symfony-config php-symfony-console php-symfony-css-selector php-symfony-debug php-symfony-dependency-injection php-symfony-dom-crawler php-symfony-event-dispatcher php-symfony-expression-language php-symfony-filesystem php-symfony-finder php-symfony-form php-symfony-http-foundation php-symfony-http-kernel php-symfony-intl php-symfony-ldap php-symfony-locale php-symfony-options-resolver php-symfony-process php-symfony-property-access php-symfony-property-info php-symfony-routing php-symfony-security php-symfony-security-core php-symfony-security-csrf php-symfony-security-guard php-symfony-security-http php-symfony-serializer php-symfony-stopwatch php-symfony-templating php-symfony-translation php-symfony-validator php-symfony-var-dumper php-symfony-yaml php-symfony-doctrine-bridge php-symfony-monolog-bridge php-symfony-phpunit-bridge php-symfony-proxy-manager-bridge php-symfony-swiftmailer-bridge php-symfony-twig-bridge php-symfony-debug-bundle php-symfony-framework-bundle php-symfony-security-bundle php-symfony-twig-bundle php-symfony-web-profiler-bundle Architecture: source Version: 2.8.7+dfsg-1.3+deb9u1 Distribution: stretch-security Urgency: medium Maintainer: Debian PHP PEAR Maintainers <pkg-php-p...@lists.alioth.debian.org> Changed-By: David Prévot <taf...@debian.org> Description: php-symfony - set of reusable components and framework for web projects php-symfony-asset - manage asset URLs php-symfony-browser-kit - simulate the behavior of a web browser php-symfony-class-loader - load PHP classes automatically php-symfony-config - load configurations from different data sources php-symfony-console - run tasks from the command line php-symfony-css-selector - convert CSS selectors to XPath expressions php-symfony-debug - tools to make debugging of PHP code easier php-symfony-debug-bundle - debugging tools for the Symfony framework php-symfony-dependency-injection - standardize and centralize construction of objects php-symfony-doctrine-bridge - integration for Doctrine with Symfony Components php-symfony-dom-crawler - ease DOM navigation for HTML and XML documents php-symfony-event-dispatcher - dispatch events and listen to them php-symfony-expression-language - compile and evaluate expressions php-symfony-filesystem - basic filesystem utilities php-symfony-finder - find files and directories php-symfony-form - create HTML forms and process request data php-symfony-framework-bundle - basic, robust and flexible MVC framework php-symfony-http-foundation - object-oriented layer for the HTTP specification php-symfony-http-kernel - building blocks for flexible and fast HTTP-based frameworks php-symfony-intl - limited replacement layer for the PHP extension intl php-symfony-ldap - abstraction layer for the PHP LDAP module php-symfony-locale - deprecated replacement layer for the PHP extension intl php-symfony-monolog-bridge - integration for Monolog with Symfony Components php-symfony-options-resolver - configure objects with option arrays php-symfony-phpunit-bridge - integration for PHPUnit with Symfony Components php-symfony-process - execute commands in sub-processes php-symfony-property-access - read from and write to an object or array php-symfony-property-info - extract information about properties of PHP classes php-symfony-proxy-manager-bridge - integration for ProxyManager with Symfony Components php-symfony-routing - associate a request with code that generates a response php-symfony-security - infrastructure for sophisticated authorization systems php-symfony-security-bundle - configurable security system for the Symfony framework php-symfony-security-core - infrastructure for authorization systems - common features php-symfony-security-csrf - infrastructure for authorization systems - CSRF protection php-symfony-security-guard - infrastructure for authorization systems - Guard features php-symfony-security-http - infrastructure for authorization systems - HTTP integration php-symfony-serializer - convert PHP objects into specific formats and vice versa php-symfony-stopwatch - profile PHP code php-symfony-swiftmailer-bridge - integration for Swift Mailer with Symfony Components php-symfony-templating - tools needed to build a template system php-symfony-translation - tools to internationalize an application php-symfony-twig-bridge - integration for Twig with Symfony Components php-symfony-twig-bundle - configurable integration of Twig with the Symfony framework php-symfony-validator - tools to validate classes php-symfony-var-dumper - php-symfony-web-profiler-bundle - collect requests information for analysis and debugging php-symfony-yaml - convert YAML to PHP arrays and the other way around Changes: symfony (2.8.7+dfsg-1.3+deb9u1) stretch-security; urgency=medium . * Use gbp pq to handle patches introduced in NMU * Cherry-pick upstream commits to fix security issues - [Security] Validate redirect targets using the session cookie domain [CVE-2017-16652] - [Security] Namespace generated CSRF tokens depending of the current scheme [CVE-2017-16653] - prevent bundle readers from breaking out of paths [CVE-2017-16654] - [Form][DX] FileType "multiple" fixes - ensure that submitted data are uploaded files [CVE-2017-16790] - Adding session strategy to ALL listeners to avoid *any* possible fixation [CVE-2018-11385] - Adding session authentication strategy to Guard to avoid session fixation [CVE-2018-11385] - [HttpFoundation] Break infinite loop in PdoSessionHandler when MySQL is in loose mode [CVE-2018-11386] - [Security] Fix logout - do not mock the session in token storage tests - clear CSRF tokens when the user is logged out [CVE-2018-11406] - [Ldap] cast to string when checking empty passwords [CVE-2016-2403] - [SecurityBundle] Fail if security.http_utils cannot be configured [CVE-2018-11408] Checksums-Sha1: aeb473a0143e7b875d48ff56eed2f98ed125625f 6301 symfony_2.8.7+dfsg-1.3+deb9u1.dsc 966375f37bfe8f7866a5eb3727c630f92a45620d 3923472 symfony_2.8.7+dfsg.orig.tar.gz a54e0e52857d9b6331ab4b305ca9dca8f58a4753 54404 symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz Checksums-Sha256: 135c6f757c546a916c34b8e13956eace401d7828077a85eedcd4e3442f022b5d 6301 symfony_2.8.7+dfsg-1.3+deb9u1.dsc f2210726f29a03f754dc5fafbdaa2f88169bda5c5303db8cf05237d525071652 3923472 symfony_2.8.7+dfsg.orig.tar.gz 69e5b1a2de6ba62a9e77c244089b34c514fa9e1fa53cd911d163ebed54d03237 54404 symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz Files: 0cc3466b13b0422a6f522875d7c2cb72 6301 php optional symfony_2.8.7+dfsg-1.3+deb9u1.dsc d7bf966f909cb6146ec48d31b05f6032 3923472 php optional symfony_2.8.7+dfsg.orig.tar.gz 60be3de8dbe539ddf68e39012ce7d978 54404 php optional symfony_2.8.7+dfsg-1.3+deb9u1.debian.tar.xz
-----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEeHVNB7wJXHRI941mBYwc+UT2vTwFAltf89MACgkQBYwc+UT2 vTyplAf7BtKdFOH2b6zzetYR+TIomFm+qLLhNVVcULsQaJbnxjIBAUj8S81Fp7GX sms4ylngbThOgnWhERnHGFyeuZ5DEUcmaMNgAVtSNO05ap/yAwSEVMTOW9clA5+z Qc0L5kGRQ5p6MxtulzP43QFDnoi6oESG/l4cystDMmx4UxiNeAccMZgn+L/fKUoy 5x/cQKFYuNwTpS+5CZ4Titn+JSLFX+6muTZoPgcwJ7Xf/XsIzyxEgi0viOKMKLkB 5ne7JdtemwB8J4c3Txoht0WT87FWFIz1bG2QmbOV3lEuwSy8vbIfZJGEO2T+1aUn Hwxb+nj+ty0umnsjpi/eA82JIK++Gw== =w+ln -----END PGP SIGNATURE-----