unsubscribe Regards,
Lachlan Moss On 31 May 2015 at 18:52, Moritz Muehlenhoff <[email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3276-1 [email protected] > http://www.debian.org/security/ David Prevot > May 31, 2015 http://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : symfony > CVE ID : CVE-2015-4050 > > Jakub Zalas discovered that Symfony, a framework to create websites and > web applications, was vulnerable to restriction bypass. It was > affecting applications with ESI or SSI support enabled, that use the > FragmentListener. A malicious user could call any controller via the > /_fragment path by providing an invalid hash in the URL (or removing > it), bypassing URL signing and security rules. > > For the stable distribution (jessie), this problem has been fixed in > version 2.3.21+dfsg-4+deb8u1. > > For the testing distribution (stretch), this problem has been fixed > in version 2.7.0~beta2+dfsg-2. > > For the unstable distribution (sid), this problem has been fixed in > version 2.7.0~beta2+dfsg-2. > > We recommend that you upgrade your symfony packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: [email protected] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBAgAGBQJVasnAAAoJEBDCk7bDfE42+y4P/2JDQGaQ5w3Gmr41J0uGdm9h > LnWo5xPowZVnKlQMjNHcDHA5haRFjiOcynDQgq5cQNibXfNu0tk8ehAeXe4U8avn > OMva+7caYkmnPjIXxQcZIEXcsJ76B5snvnyxSt6kAfoiBYos+kD5iArvGR1Y3vA2 > 8wSm67PHlYt+NJuK1vHh0wNSslKviadfVQi4wtce6gyi1/sT1L44Kf+hi3vT/luB > SDBUfqfOJiNnTfOZVHuWkkJpisUCTcr+M8F8Mpa2ZEy0eV822KvPIlCMVHEI0Pxw > EeL4diN083vOXzfhtpDRzt+FJIw4K3xxWj1bnX4jD6Uj1OuE0YeGCCSQQbU0MFpn > oE4Y0WXE6Etyfy/JpcX0rL1fkagb/gsYV6yi7DQBVWclSQdfMHe60A6F4g4y6HTJ > aQwqQjIblAsDWK604IppoQb5+sr+RuLQMl9QJZEYdi8/hUG7due4hp1H3IB41EpE > pQn/zXGZknH66KaXgPVxX6cIgqXzB2dPSRNmeaX976pBbs9Gaa4YZ8ndWP2xtfd2 > tHJ/mQnB1fZfmg64ZMt0fEKCv9zQpStDmgCKtcpJzh/4IV/mUGP/OTEVR2mXCEP2 > XqGCsVa97czak1sxBQ7GXQa3+w7B/Nsb8t/8Y0M1eLi85HKSkiYjObN2E19o0Mee > ZafgYbnX3sDRlsGzRqfp > =s9g8 > -----END PGP SIGNATURE----- > > > -- > To UNSUBSCRIBE, email to [email protected] > with a subject of "unsubscribe". Trouble? Contact > [email protected] > Archive: > https://lists.debian.org/[email protected] > >
