[SECURITY] Fedora 16 Update: php-symfony2-Yaml-2.0.22-1.fc16

updates at fedoraproject.org updates at fedoraproject.org
Mon Jan 28 14:52:49 UTC 2013


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-1130
2013-01-20 02:13:00
--------------------------------------------------------------------------------

Name        : php-symfony2-Yaml
Product     : Fedora 16
Version     : 2.0.22
Release     : 1.fc16
URL         : http://symfony.com/doc/current/components/yaml.html
Summary     : Symfony2 Yaml Component
Description :
The Symfony2 YAML Component parses YAML strings to convert them to PHP arrays.
It is also able to convert PHP arrays to YAML strings.

YAML, YAML Ain't Markup Language, is a human friendly data serialization
standard for all programming languages. YAML is a great format for your
configuration files. YAML files are as expressive as XML files and as readable
as INI files.

The Symfony2 YAML Component implements the YAML 1.2 version of the
specification.

--------------------------------------------------------------------------------
Update Information:

Updated to upstream version 2.0.22

CVE-2013-1348: Ability to enable/disable PHP parsing in Yaml::parse()
CVE-2013-1397: Ability to enable/disable object support in YAML parsing and dumping

See: http://symfony.com/blog/security-release-symfony-2-0-22-and-2-1-7-released

Changelog: https://github.com/symfony/symfony/blob/v2.0.22/CHANGELOG-2.0.md
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update php-symfony2-Yaml' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list