Candidate: CVE-2015-2308
PublicDate: 2015-06-24 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2308
Description:
 Eval injection vulnerability in the HttpCache class in HttpKernel in
 Symfony 2.x before 2.3.27, 2.4.x and 2.5.x before 2.5.11, and 2.6.x before
 2.6.6 allows remote attackers to execute arbitrary PHP code via a
 language="php" attribute of a SCRIPT element.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_symfony:
upstream_symfony: released (2.3.21+dfsg-4)
lucid_symfony: ignored (reached end-of-life)
precise_symfony: DNE
precise/esm_symfony: DNE
trusty_symfony: DNE
trusty/esm_symfony: DNE
utopic_symfony: DNE
vivid_symfony: ignored (reached end-of-life)
vivid/stable-phone-overlay_symfony: DNE
vivid/ubuntu-core_symfony: DNE
wily_symfony: ignored (reached end-of-life)
xenial_symfony: not-affected (2.7.10-0ubuntu2)
yakkety_symfony: ignored (reached end-of-life)
zesty_symfony: ignored (reached end-of-life)
artful_symfony: ignored (reached end-of-life)
bionic_symfony: not-affected (3.4.6+dfsg-1)
devel_symfony: not-affected (3.4.15+dfsg-2ubuntu4)