Joined: 12 May 2004
|Posted: Sun May 18, 2014 11:26 pm Post subject: [ GLSA 201405-25 ] Symfony: Information disclosure
|Gentoo Linux Security Advisory
Title: Symfony: Information disclosure (GLSA 201405-25)
Date: May 18, 2014
A vulnerability in Symfony may allow remote attackers to read
Symfony is a professional, open-source PHP5 web development framework.
Vulnerable: < 1.4.20
Architectures: All supported architectures
Symfony does not properly sanitize input for upload requests.
A remote attacker could send a specially crafted file upload request,
possibly resulting in disclosure of sensitive information.
There is no known workaround at this time.
Gentoo has discontinued support for Symfony. We recommend that users
|# emerge --unmerge "dev-php/symfony"
Last edited by GLSA on Wed Jun 25, 2014 4:32 am; edited 2 times in total