[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#972189: sympa: CVE-2020-10936 regression - removal of needed environment variables


From what I understand the FCGI wrapper was used as CGI through e.g. fcgiwrap, and upstream recommended to switch to fcgi-spawn following https://sympa-community.github.io/manual/install/configure-http-server-spawnfcgi.html

Carsten agreed and suggested we add a note about this in the Debian documentation, so I plan to add a note in README.Debian or NEWS.Debian.

Given there were no other reports I believe this addresses the issue.

Sylvain Beucler
Debian LTS Team

Reply to: