Your message dated Sun, 3 Mar 2019 20:35:55 +0100 with message-id <7b603213-96c5-8056-b6d3-7b2c7a62a7f6@debian.org> and subject line close release-notes bugs for releases before stretch has caused the Debian Bug report #762026, regarding php5-cgi + libapache2-mod-fcgid wheezy upgrade problem not documented well to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 762026: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=762026 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Cc: php5-cgi@packages.debian.org, libapache2-mod-fcgid@packages.debian.org
- Subject: php5-cgi + libapache2-mod-fcgid wheezy upgrade problem not documented well
- From: Josip Rodin <joy@debbugs.entuzijast.net>
- Date: Wed, 17 Sep 2014 22:17:55 +0200
- Message-id: <20140917201755.GA31377@entuzijast.net>
Package: release-notes Version: 7 Hi, The squeeze to wheezy upgrade of php5-cgi fixes one security problem and introduces another on some systems, by way of refusing to run some PHP code, which in turn makes it expose PHP program source. The problem is documented in #687307. The file /usr/share/doc/php5-cgi/NEWS.Debian.gz had been updated to include: * As a side effect of the MIME-Type changes in the mime-support package, the default Apache 2 configuration will no longer perform HTTP content negotiation on the PHP file extensions, which was very questionable anyway. If you really want to re-enable this support then please read /usr/share/doc/php5-common/README.Debian file for further instructions. Unfortunately, this is just lousy documentation - it's both unlikely anyone will see it before the dist-upgrade, and it's unlikely that they will connect the dots between this mumbo jumbo up there and the actual symptoms you observe following the upgrade. The release notes mention a php5-suhosin problem already, which is great, so they should also include something like this in roughly the same place: If you have installed both the php5-cgi and the libapache2-mod-fcgid package, and set up Apache so that .php files are processed through these two, the upgrade will enable a new Apache module configuration called 'php5_cgi', which in turn may conflict with this use case and introduce an information disclosure security problem if left unattended following the upgrade. Please read /usr/share/doc/php5-cgi/NEWS.Debian.gz for more information. TIA. -- 2. That which causes joy or happiness.
--- End Message ---
--- Begin Message ---
- To: 706610-done@bugs.debian.org, 762026-done@bugs.debian.org, 783232-done@bugs.debian.org, 783235-done@bugs.debian.org, 803356-done@bugs.debian.org, 683698-done@bugs.debian.org, 699754-done@bugs.debian.org, 706217-done@bugs.debian.org, 769388-done@bugs.debian.org, 774563-done@bugs.debian.org, 706131-done@bugs.debian.org, 617982-done@bugs.debian.org, 708135-done@bugs.debian.org, 610194-done@bugs.debian.org, 713914-done@bugs.debian.org, 770533-done@bugs.debian.org
- Subject: close release-notes bugs for releases before stretch
- From: Paul Gevers <elbrus@debian.org>
- Date: Sun, 3 Mar 2019 20:35:55 +0100
- Message-id: <7b603213-96c5-8056-b6d3-7b2c7a62a7f6@debian.org>
Hi, We are sorry that we were not able to handle your contribution or suggestion for changes to the release-notes. I am going over old bugs and I am closing all the items that were suggested for the release-notes of Debian releases before stretch. On the good side, some even appear to have been applied, without the bug being closed. Please don't hesitate to open a new bug if you think your suggestion is still valuable for the release-notes of buster. If you do that, we'd appreciate it when you try to summarize the issue properly when the closed bug was more than a couple of messages. PaulAttachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---