Fedora 23 ZF2015-07 Critical: php-ZendFramework2 Local Escalation Risk

Zend Framework 2 is an open source framework for developing web applications

and services using PHP 5.3+. Zend Framework 2 uses 100% object-oriented code

and utilizes most of the new features of PHP 5.3, namely namespaces, late

static binding, lambda functions and closures.

Zend Framework 2 evolved from Zend Framework 1, a successful PHP framework

with over 15 million downloads.

Note: This meta package installs all base Zend Framework component packages

(Authentication, Barcode, Cache, Captcha, Code, Config, Console, Crypt, Db,

Debug, Di, Dom, Escaper, EventManager, Feed, File, Filter, Form, Http, I18n,

InputFilter, Json, Ldap, Loader, Log, Mail, Math, Memory, Mime, ModuleManager,

Mvc, Navigation, Paginator, Permissions-Acl, Permissions-Rbac, ProgressBar,

Serializer, Server, ServiceManager, Session, Soap, Stdlib, Tag, Test, Text,

Uri, Validator, Version, View, XmlRpc) except the optional Cache-apc and

Cache-memcached packages.

**Zend Framework 2.4.8** **Security Update** * **ZF2015-07**: The filesystem storage adapter of Zend\Cache was creating directories with a liberal umask that could lead to local arbitrary code execution and/or local privilege escalation. This release contains a patch that ensures the directories are created using permissions of 0775 and files using 0664 (essentially umask 0002). **Bug fixed** from upstream [Changelog]() * validate against DateTimeImmutable instead of DateTimeInterface * treat 0.0 as non-empty, restoring pre-2.4 behavior * deprecate "magic" logic for auto- attaching NonEmpty validators in favor of explicit attachment * ensure fallback values work as per pre-2.4 behavior * update the InputFilterInterface::add() docblock to match implementations * Fix how missing optoinal fields are validated to match pre 2.4.0 behavior * deprecate AllowEmpty and ContinueIfEmpty annotations, per zend-inputfilter#26 * fix typos in aria attribute names of AbstractHelper * fixes the C...