symfony (2.3.21+dfsg-4+deb8u3) jessie-security; urgency=high

  [ Daniel Beyer ]
  * Backport a security fix from 2.3.41
    - Large username storage in session [CVE-2016-4423]
  * Backport a security fix from 2.3.37
    - SecureRandom's fallback not secure when OpenSSL fails [CVE-2016-1902]

  [ David Prévot ]
  * Add copyright entry for embeded paragonie/random_compat

 -- Daniel Beyer <dabe@deb.ymc.ch>  Tue, 10 May 2016 06:21:09 +0200

symfony (2.3.21+dfsg-4+deb8u2) jessie-security; urgency=high

  * Backport security fixes from 2.3.35
    - Session Fixation in the "Remember Me" Login Feature [CVE-2015-8124]
    - Vulnerability in Security Remember-Me Service [CVE-2015-8125]

 -- Daniel Beyer <dabe@deb.ymc.ch>  Tue, 24 Nov 2015 01:07:45 +0100

symfony (2.3.21+dfsg-4+deb8u1) jessie-security; urgency=high

  [ Daniel Beyer ]
  * Backport a security fix from 2.3.29
    - ESI unauthorized access [CVE-2015-4050]

 -- David Prévot <taffit@debian.org>  Wed, 27 May 2015 08:57:06 -0400

symfony (2.3.21+dfsg-4) unstable; urgency=medium

  * Backport security fixes from 2.3.27:
    - Esi Code Injection [CVE-2015-2308]
    - Unsafe methods in the Request class [CVE-2015-2309]

 -- David Prévot <taffit@debian.org>  Wed, 01 Apr 2015 16:53:00 -0400

symfony (2.3.21+dfsg-3) unstable; urgency=medium

  [ Daniel Beyer ]
  * Increase timeout in a problematic test in the Process component.
    This should finally get tests on ci.debian.net working and might
    prevent BTS #775625 from occurring again, which probably was
    not solved within 2.3.21+dfsg-2.

 -- David Prévot <taffit@debian.org>  Fri, 30 Jan 2015 09:19:53 -0400

symfony (2.3.21+dfsg-2) unstable; urgency=low

  [ Daniel Beyer ]
  * Fix a misbehaving test in the Process component (Closes: #775625)

  [ David Prévot ]
  * gbp: Track the Jessie branch

 -- David Prévot <taffit@debian.org>  Wed, 21 Jan 2015 12:42:11 -0400

symfony (2.3.21+dfsg-1) unstable; urgency=low

  * New upstream version
  * Update build-dependencies (add php5-intl, drop php-symfony-icu and
    icu-devtools)
  * Exclude tests of type intl-data

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sun, 26 Oct 2014 17:08:18 +0100

symfony (2.3.20+dfsg-1) unstable; urgency=low

  [ Daniel Beyer ]
  * New upstream version.
  * Drop patches (adopted upstream)
     - 0001-SwiftmailerBridge-Bump-allowed-versions-of-swiftmail.patch
     - 0004-Finder-Escape-location-for-regex-searches.patch
  * Fix DEP-8 tests failing if no tty is present

  [ David Prévot ]
  * Use repacksuffix feature of uscan

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sat, 11 Oct 2014 01:44:50 +0200

symfony (2.3.19+dfsg-1) unstable; urgency=low

  * Initial release. (Closes: #513646)

 -- Daniel Beyer <dabe@deb.ymc.ch>  Sun, 07 Sep 2014 18:34:19 +0200