FEDORA-EPEL-2015-8113 created by remi 5 years ago for Fedora EPEL 7
stable

Zend Framework 2.4.8

Security Update

  • ZF2015-07: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002).
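An audit for the condition ZF2015-07 describes, as an added example that is not part of the original update notice or of Zend Framework: it walks a cache directory and reports entries whose permission bits exceed the 0775 (directories) and 0664 (files) ceilings named above. The function names, the `ns-ab`/`ns-cd` directory names and the sample tree are constructed for illustration and assume a POSIX filesystem.

```python
import os
import stat
import tempfile

# Ceilings taken from the advisory text: directories 0775, files 0664.
DIR_CEILING = 0o775
FILE_CEILING = 0o664


def excess_bits(mode, is_dir):
    """Return the rwx permission bits set beyond the advisory's ceiling."""
    ceiling = DIR_CEILING if is_dir else FILE_CEILING
    return stat.S_IMODE(mode) & 0o777 & ~ceiling


def audit_cache_tree(root):
    """List (relative path, mode, excess bits) for every entry above the ceiling."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    findings = []
    for path in paths:
        st = os.lstat(path)
        if stat.S_ISLNK(st.st_mode):
            continue  # a symlink's own mode bits carry no meaning on Linux
        extra = excess_bits(st.st_mode, stat.S_ISDIR(st.st_mode))
        if extra:
            rel = os.path.relpath(path, root)
            findings.append((rel, oct(stat.S_IMODE(st.st_mode) & 0o777), oct(extra)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample: one over-permissive namespace dir, one at the ceiling."""
    root = tempfile.mkdtemp(prefix="cache-audit-")
    for name, dir_mode, file_mode in (("ns-ab", 0o777, 0o666), ("ns-cd", 0o775, 0o664)):
        directory = os.path.join(root, name)
        os.mkdir(directory)
        item = os.path.join(directory, "item.dat")
        with open(item, "w") as handle:
            handle.write("constructed cache payload\n")
        os.chmod(item, file_mode)      # chmod is explicit, so the caller's umask is irrelevant
        os.chmod(directory, dir_mode)
    return root


if __name__ == "__main__":
    for rel, mode, extra in audit_cache_tree(build_sample_tree()):
        print(f"{rel}: mode {mode} exceeds ceiling by {extra}")
```

Cache directories created before the update keep their old modes, so running a check like this against an existing cache path shows what still needs a `chmod` after upgrading.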

Bugs fixed, from the upstream changelog

  • validate against DateTimeImmutable instead of DateTimeInterface
  • treat 0.0 as non-empty, restoring pre-2.4 behavior
  • deprecate "magic" logic for auto-attaching NonEmpty validators in favor of explicit attachment
  • ensure fallback values work as per pre-2.4 behavior
  • update the InputFilterInterface::add() docblock to match implementations
  • fix how missing optional fields are validated to match pre-2.4.0 behavior
  • deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26
  • fix typos in aria attribute names of AbstractHelper
  • fixes the ContentType header to properly handle encoded parameter values
  • fixes the Sender header to allow mailbox addresses without TLDs
  • fixes parsing of messages that contain an initial blank line before headers
  • fixes the SetCookie header to allow multiline values (as they are always encoded)
  • fixes DefaultRenderingStrategy errors due to controllers returning non-view model results

This update has been submitted for testing by remi.

5 years ago

This update has been pushed to testing.

5 years ago

This update has been submitted for stable by remi.

5 years ago

This update has been pushed to stable.

5 years ago

Metadata
  Type: security
  Karma: 0
  Signed
  Content Type: RPM
  Test Gating

Settings
  Unstable by Karma: -3
  Stable by Karma: 3
  Stable by Time: disabled

Dates
  submitted: 5 years ago
  in testing: 5 years ago
  in stable: 5 years ago