please unsubscribe On Sun, May 29, 2016 at 6:53 PM, Luciano Bello <luci...@debian.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > - ------------------------------------------------------------------------- > Debian Security Advisory DSA-3588-1 secur...@debian.org > https://www.debian.org/security/ Luciano Bello > May 29, 2016 https://www.debian.org/security/faq > - ------------------------------------------------------------------------- > > Package : symfony > CVE ID : CVE-2016-1902 CVE-2016-4423 > > Two vulnerabilities were discovered in Symfony, a PHP framework. > > CVE-2016-1902 > > Lander Brandt discovered that the class SecureRandom might generate > weak random numbers for cryptographic use under certain settings. If > the functions random_bytes() or openssl_random_pseudo_bytes() are not > available, the output of SecureRandom should not be consider secure. > > CVE-2016-4423 > > Marek Alaksa from Citadelo discovered that it is possible to fill up > the session storage space by submitting inexistent large usernames. > > For the stable distribution (jessie), these problems have been fixed in > version 2.3.21+dfsg-4+deb8u3. > > For the testing distribution (stretch), these problems have been fixed > in version 2.8.6+dfsg-1. > > For the unstable distribution (sid), these problems have been fixed in > version 2.8.6+dfsg-1. > > We recommend that you upgrade your symfony packages. > > Further information about Debian Security Advisories, how to apply > these updates to your system and frequently asked questions can be > found at: https://www.debian.org/security/ > > Mailing list: debian-security-annou...@lists.debian.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCAAGBQJXSyojAAoJEG7C3vaP/jd0fkgP/Rg3MGnU+HOjA3yyqMpG44ui > pdYS9uxQHpfqrABEu4BxOOBikJmJOFTVbX6LgKRv7RD8ko0GocEfFVdVyIBg4q37 > ym1Kue3pLUYG+ZSDZY3AFTDqOPHdEd1VV0g+NSHOfwQUxB5rZcWbknL1JGiyuZBt > vZ6S6t11zEUppBrjlVqFoLZyqaO/6gbOSEl3IYoBJ8nGvpsEb54Hr1xnA0V61BmO > LSsnXumvkljlWxfLmdbv6eFZZPeqcTUSTrhSY8HSG4fk1hZYmD5zCcmj9HwFwpDV > Ix8qIr2dYqDeP1kXt5vgaJnQnYDcFZswz97vgdc+u+JfpwZzzg5YNLzXtyWMLueb > AoTpYkKqyMKt9OYR2LMrR6MApd53SlUMssb6TGBUvrs75fkkInDnn98x7HMOBANf > eCZjsaR42tm0H2ydi1mEI3kC2OswLXoVakAw//jYlRoznocQ2J11SvDWZ3ZIVN9N > V2AhyotQSD67BYiEkt1n1uln3zoHLxf8rMXRKO1A0CT0TQujyvwucXQ9YrMjcvN9 > TbjocikONjdvjrCGD7N5jYh6VFFjyLNgj+erXroGGnFWLq38Ao2+R+7ogMIUl4gX > 20ygoVwNeo2Bb+vmUiPOGTmh53GpbuTxMQArpT7/647gwZJhb2CtkzMnDxMBoU2x > E4S/jTK1mnD7vScdwaNs > =gJF9 > -----END PGP SIGNATURE----- > >
