[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

Le Wed, Aug 01, 2012 at 01:54:30AM +0200, Christoph Anton Mitterer a écrit :
> 
> I guess what I propose here
> (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674089#35) is the
> best/safest way to go:
> 
> 1) something in the release notes
> 2) the NEWS files of at least
>   mime-types, apache, php5-common (mod_php is not enough)
>   likely also lighthttpd... maybe even more (nautilus? everything using
> mime-types?)
> 3) don't then add any "default" PHP type/handler definitions in the
> apache config... remove any existing ones.

Dear all,

do I understand correctly that the problem would be solved by documenting the
change in the release notes ?

If yes, can somebody write a draft and reassign this bug to the release-notes
packages ?

Have a nice day,

-- 
Charles Plessy
Co-maintainer of the mime-support package
Tsurumi, Kanagawa, Japan
Reply to: