Bug#398437: Please add notice about PHP register_globals not security supported

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#398437: Please add notice about PHP register_globals not security supported
From: Thijs Kinkhorst <thijs@debian.org>
Date: Mon, 13 Nov 2006 20:35:25 +0100
Message-id: <[🔎] 1163446530.4774.36.camel@darwin.os9.nl>
Reply-to: Thijs Kinkhorst <thijs@debian.org>, 398437@bugs.debian.org

Package: release-notes

Hi,


I propose to add this text:

========
Starting with this release, the Debian security team does not provide
security support for a number of PHP configurations which are known to
be insecure. Most importantly, issues that make use of the
register_globals setting being turned on are not addressed. This setting
is known to be insecure and has defaulted to off for many years. If you
run legacy applications that require it, enable register_globals for the
respective paths only, e.g. through the Apache configuration file. More
information is available in the README.Debian.security file in the PHP
documentation directory (/usr/share/doc/php{4,5}).
========


Thijs

Attachment: signature.asc
Description: This is a digitally signed message part

Reply to:

Follow-Ups:
- Bug#398437: marked as done (Please add notice about PHP register_globals not security supported)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#391023: XS-Vcs-field
Next by Date: Bug#362996: Release Notes should document possible issues with X transition
Previous by thread: Attention To Your Eductaion
Next by thread: Bug#398437: marked as done (Please add notice about PHP register_globals not security supported)
Index(es):
- Date
- Thread