[SECURITY] Conflict insecure versions symfony/cache component 42/61142/2
authorBenni Mack <benni@typo3.org>
Tue, 25 Jun 2019 06:41:29 +0000 (08:41 +0200)
committerOliver Hader <oliver.hader@typo3.org>
Tue, 25 Jun 2019 06:41:34 +0000 (08:41 +0200)
The symfony/cache component is not directly used by the core but
is a dependency of symfony/expression-language which is used in
the core.

The affected symfony/cache packages have been marked as
"conflict" in the composer.json.

See https://symfony.com/blog/cve-2019-10912-prevent-destructors-with-side-effects-from-being-unserialized

Resolves: #88215
Releases: master, 9.5
Security-Commit: d13c36e9e9951030a0787c63674634a52ff0aae3
Security-Bulletin: TYPO3-CORE-SA-2019-016
Change-Id: If98391ceef88561507d0095d26455a8da128f01e
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/61142
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
composer.json
composer.lock
typo3/sysext/core/composer.json

index 7db309b..96d614c 100644 (file)
@@ -84,6 +84,7 @@
                "ext-mysqli": ""
        },
        "conflict": {
+               "symfony/cache": "< 2.8.50 >= 2.8.0 || < 3.4.26 >= 3.4.0 || < 4.1.12 >= 4.1.0 || < 4.2.7 >= 4.2.0",
                "symfony/finder": "2.7.44 || 2.8.37 || 3.4.7 || 4.0.7",
                "symfony/routing": "4.2.7"
        },
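Review bot: The added `symfony/cache` conflict excludes only the unpatched releases inside the 2.8, 3.4, 4.1 and 4.2 lines, so a release from a branch it does not name (for example 3.3.x or 4.0.x) still satisfies it. Those branches are presumably end-of-life and never received the CVE-2019-10912 fix. If no other constraint in this file already rules them out, closing the gaps between the ranges would cover them, e.g. `"symfony/cache": "< 3.4.26 || >= 4.0.0 < 4.1.12 || >= 4.2.0 < 4.2.7"`. The same applies to the entry added in typo3/sysext/core/composer.json.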
index a77d233..dcf4965 100644 (file)
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "d51c3aee99999de0ef61a76328527a60",
+    "content-hash": "ab63943f41a231201a3e0b76fa2de7ef",
     "packages": [
         {
             "name": "cogpowered/finediff",
index e66c602..0aee9dd 100644 (file)
@@ -63,6 +63,7 @@
                "ext-zlib": "TYPO3 uses zlib for amongst others output compression and un/packing t3x extension files"
        },
        "conflict": {
+               "symfony/cache": "< 2.8.50 >= 2.8.0 || < 3.4.36 >= 3.4.0 || < 4.1.12 >= 4.1.0 || < 4.2.7 >= 4.2.0",
                "symfony/finder": "2.7.44 || 2.8.37 || 3.4.7 || 4.0.7",
                "typo3/cms": "*",
                "symfony/routing": "4.2.7"
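Review bot: The 3.4 upper bound in the added `symfony/cache` line is `< 3.4.36`, while the root composer.json in this same commit uses `< 3.4.26`; the other three bounds are identical in both files. This looks like a typo. As written, the core package also conflicts with 3.4.26 and later releases that the root file treats as fixed, so resolving symfony/cache on the 3.4 line against typo3/cms-core would fail without a security reason. Suggest `< 3.4.26 >= 3.4.0` here so both manifests express the same constraint. The `conflict` block continues past the end of the hunk.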