CVE Request -- Symfony / php-symfony-symfony: Session fixation flaw corrected in upstream 1.4.18 version

[Jan Lieskovsky <jlieskov () redhat com>]

Hello Kurt, Steve, vendors,

  a session fixation flaw was found in the way Symfony, an open-source PHP web applications 
development framework, performed removal of user credential, adding several user credentials at once 
and 'user authenticated' settings change by regenerating session ID. A remote attacker could provide 
a specially-crafted URL, that when visited by a valid Symfony application user (victim) could lead 
to unauthorized access to the victim's user account.

References:
[1] https://bugs.gentoo.org/show_bug.cgi?id=418427
[2] http://symfony.com/blog/security-release-symfony-1-4-18-released
[3] http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG

Upstream patch:
[4] http://trac.symfony-project.org/changeset/33466?format=diff&new=33466

Could you allocate a CVE id for this? (afaics there hasn't been
requested one for this issue yet during last month / from the start
of June 2012)

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team