Re: Possible release note for systems running PHP through CGI.

To: debian-release@lists.debian.org, debian-devel@lists.debian.org
Subject: Re: Possible release note for systems running PHP through CGI.
From: Christoph Anton Mitterer <calestyo@scientia.net>
Date: Mon, 20 Aug 2012 00:48:27 +0200
Message-id: <[🔎] 1345416507.3276.34.camel@fermat.scientia.net>
In-reply-to: <okj7g9-bb4.ln1@silverstone.rilynn.me.uk>
References: <[🔎] 20120819021726.GC20875@falafel.plessy.net> <okj7g9-bb4.ln1@silverstone.rilynn.me.uk>

On Sun, 2012-08-19 at 18:16 +0100, Roger Lynn wrote:
> How does this affect other web servers?
There was someone mentioning that lighthtttp may use /etc/mime.types,
too.
So yes, basically anything (though I guess security critical things
should only be found at webservers, as they typically serve interpreted
PHP) using /etc/mime.types in such a manner may be vulnerable.


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply to:

References:
- Possible release note for systems running PHP through CGI.
  - From: Charles Plessy <plessy@debian.org>

Prev by Date: Re: Possible release note for systems running PHP through CGI.
Next by Date: Re: Possible release note for systems running PHP through CGI.
Previous by thread: Re: Possible release note for systems running PHP through CGI.
Next by thread: Re: Possible release note for systems running PHP through CGI.
Index(es):
- Date
- Thread