Re: PMASA-2005-6 when "register_globals = on"

To: debian-security@lists.debian.org
Subject: Re: PMASA-2005-6 when "register_globals = on"
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Wed, 16 Nov 2005 00:02:49 -0200
Message-id: <[🔎] 20051116020249.GA12477@khazad-dum.debian.net>
In-reply-to: <[🔎] 20051115202756.GA8857@steve.org.uk>
References: <[🔎] 200511151754.32997.Piotr_Roszatycki@netia.net.pl> <[🔎] 20051115202756.GA8857@steve.org.uk>

On Tue, 15 Nov 2005, Steve Kemp wrote:
> On Tue, Nov 15, 2005 at 05:54:32PM +0100, Piotr Roszatycki wrote:
> > http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2005-6 reports 
> > that sarge's phpmyadmin package has a security flaw which is occured only if 
> > "register_globals = on" setting is used.
> > 
> > This feature is disabled in Debian package by default so I doubt if this is 
> > serious problem. I'd like to ask if I should prepare the new package for 
> > sarge or not?
> 
>   I think an upload would be justified.

Agreed. I know from real life that many servers are *forced* to run with
register_globals = on, due to reasons I'd rather not comment upon.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- PMASA-2005-6 when "register_globals = on"
  - From: Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl>
- Re: PMASA-2005-6 when "register_globals = on"
  - From: Steve Kemp <skx@debian.org>

Prev by Date: Re: PMASA-2005-6 when "register_globals = on"
Next by Date: Re: Debian bad i386 Release file signature on Nov 9?
Previous by thread: Re: PMASA-2005-6 when "register_globals = on"
Next by thread: Debian bad i386 Release file signature on Nov 9?
Index(es):
- Date
- Thread