Bug#400966: Patch, security
I'm submitting the following patch, result of many corrections thanks to tests
on all release architectures and kfreebsd-i386.
Seriously, this is an untested patch which I think is quite important to apply
for Etch. We released Sarge without the PHP version recommended by upstream,
and thankfully upstream provided security support for PHP 4 up to now, but
shipping PHP 4 "by default" in Etch doesn't look good, given the state of
upstream security in general and the time since PHP 4 was replaced. It is too
late to remove PHP 4 from Etch but I expect it to have inappropriate support
similar to what happened in woody, so we should avoid making it the default
version.
Please let me know if you have a reason not to apply this patch.
--- web-server 2005-08-24 21:40:18.000000000 -0400
+++ web-server.5 2007-03-02 18:04:18.000000000 -0500
@@ -9,7 +9,7 @@
Packages: task-fields
Packages-list:
apache2-doc
- libapache2-mod-php4
+ libapache2-mod-php5
libapache2-mod-perl2
libapache2-mod-python
analog
Reply to: