Bugzilla – Bug 926177
VUL-0: CVE-2015-2308, CVE-2015-2309: symfony: Esi Code Injection, Unsafe methods in the Request class
Last modified: 2023-08-07 02:41:34 UTC
Reported against server:php:applications. Not in openSUSE or SLE.

We got some sketchy details about vulnerabilities in php symfony, see references below. server:php:applications packages 1.0.11, which is old and unsupported. The issues may not affect it. Current LTS is 2.3.27, current stable is 2.6.6.

This is just a ping to see if this package is still maintained. If so, could it be updated?

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2308
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2308.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2309
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2309.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2309
bugbot adjusting priority
This is quite an old bug, and needinfo cannot be set for the bug reporter any longer. So closing it now, but please feel free to reopen it whenever necessary, thanks.