[pkg-lighttpd] r330 - in lighttpd/trunk/debian: . conf-available
madcoder at alioth.debian.org
madcoder at alioth.debian.org
Tue May 6 18:01:27 UTC 2008
Author: madcoder
Date: 2008-05-06 18:01:26 +0000 (Tue, 06 May 2008)
New Revision: 330
Modified:
lighttpd/trunk/debian/changelog
lighttpd/trunk/debian/conf-available/10-cgi.conf
Log:
* Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276).
Modified: lighttpd/trunk/debian/changelog
===================================================================
--- lighttpd/trunk/debian/changelog 2008-05-06 17:59:43 UTC (rev 329)
+++ lighttpd/trunk/debian/changelog 2008-05-06 18:01:26 UTC (rev 330)
@@ -11,6 +11,7 @@
+ install master alternatives on spawn-fcgi.lighttpd and
spawn-fcgi.lighttd.1.
+ add Conflict against cherokee <= 0.6.1-1.
+ * Quote "dangerous" bits of conf-available/10-cgi.conf (Closes: 479276).
-- Pierre Habouzit <madcoder at debian.org> Sun, 13 Apr 2008 13:27:55 +0200
Modified: lighttpd/trunk/debian/conf-available/10-cgi.conf
===================================================================
--- lighttpd/trunk/debian/conf-available/10-cgi.conf 2008-05-06 17:59:43 UTC (rev 329)
+++ lighttpd/trunk/debian/conf-available/10-cgi.conf 2008-05-06 18:01:26 UTC (rev 330)
@@ -19,8 +19,11 @@
cgi.assign = ( "" => "" )
}
-cgi.assign = (
- ".pl" => "/usr/bin/perl",
- ".php" => "/usr/bin/php-cgi",
- ".py" => "/usr/bin/python",
-)
+## Warning this represents a security risk, as it allow to execute any file
+## with a .pl/.php/.py even outside of /usr/lib/cgi-bin.
+#
+#cgi.assign = (
+# ".pl" => "/usr/bin/perl",
+# ".php" => "/usr/bin/php-cgi",
+# ".py" => "/usr/bin/python",
+#)
More information about the pkg-lighttpd-maintainers
mailing list