[php-maint] Bug#674089: Bug#674089: mime-support: removed application/x-httpd-* can lead to immense security problems

Stefan Fritsch sf at debian.org
Wed Aug 15 19:07:01 UTC 2012

Thanks for coming up with some wording.

On Wednesday 15 August 2012, Ondřej Surý wrote:
>  In order to avoid any problems when not using Apache PHP5 module,
> and if you relied on MIME type definitions, read the README.Debian
> from the php5-common package on how to correctly configure PHP 5
> running as a CGI or FastCGI (examples are provided for the Apache
> HTTPD Server) and take care, that and PHP files intended to be
> interpreted are recognised as such (typically by adding MIME-Type
> or handler definitions in the webserver configuration).

Since we have gone to great pains to not use the magic MIME types 
anymore, I think we should not recommend them here. Or at least not as 
the first option.

Also, there is http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670945 
to take into account. Is the wording still ok if the solution I 
suggested is implemented?

More information about the pkg-php-maint mailing list