[php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems
Stefan Fritsch
sf at debian.org
Wed Aug 15 19:07:01 UTC 2012
Thanks for coming up with some wording.
On Wednesday 15 August 2012, Ondřej Surý wrote:
> In order to avoid any problems when not using Apache PHP5 module,
> and if you relied on MIME type definitions, read the README.Debian
> from the php5-common package on how to correctly configure PHP 5
> running as a CGI or FastCGI (examples are provided for the Apache
> HTTPD Server) and take care, that and PHP files intended to be
> interpreted are recognised as such (typically by adding MIME-Type
> or handler definitions in the webserver configuration).
Since we have gone to great pains to not use the magic MIME types
anymore, I think we should not recommend them here. Or at least not as
the first option.
Also, there is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670945
to take into account. Is the wording still ok if the solution I
suggested is implemented?
More information about the pkg-php-maint
mailing list