Re: Possible release note for systems running PHP through CGI.

To: debian-release@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Possible release note for systems running PHP through CGI.
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Mon, 20 Aug 2012 00:46:11 +0200
Message-id: <[🔎] 1345416371.3276.32.camel@fermat.scientia.net>
In-reply-to: <[🔎] 20120819152607.GB18815@jones.dk>
References: <[🔎] 20120819021726.GC20875@falafel.plessy.net> <[🔎] 20120819152607.GB18815@jones.dk>

On Sun, 2012-08-19 at 17:26 +0200, Jonas Smedegaard wrote:
> FWiW, out of the ~7'500 popcon hits of regular use of php5-cgi, ~900 
> also regularly uses suphp, so might be unaffected by this issue.
"mights" are not something we should build our security upon.

And apart from that... I had a very short glance at suphp,... and it
seems it also uses mime-types for handlers, right?
So that means setups may likely also be vulnerable to the removal of the
types from mime-types.

Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to:

References:
- Possible release note for systems running PHP through CGI.
  - From: Charles Plessy <plessy@debian.org>
- Re: Possible release note for systems running PHP through CGI.
  - From: Jonas Smedegaard <dr@jones.dk>

Prev by Date: Re: Possible release note for systems running PHP through CGI.
Next by Date: Re: Possible release note for systems running PHP through CGI.
Previous by thread: Re: Possible release note for systems running PHP through CGI.
Next by thread: Re: Possible release note for systems running PHP through CGI.
Index(es):
- Date
- Thread