[php-maint] Bug#687307: Fwd: Updating php5 to 5.4.4-5 broke FastCGI setup on my machine

Christoph Anton Mitterer calestyo at scientia.net
Sun Oct 28 22:21:26 UTC 2012


On Fri, 2012-10-26 at 13:18 +0200, Ondřej Surý wrote:
> + It is also advised that
> + you check your custom configuration whether it's not vulnerable to
> + foo.php.jpeg attacks.  The php5_cgi configuration snippet can be used
> + as base - it's important to use FilesMatch or Files directive to
> + limit the handling to the last extension.
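
Review bot: "check your custom configuration whether it's not vulnerable to foo.php.jpeg attacks" in the first added sentence is hard to parse, and the text never says what a foo.php.jpeg attack is, so a reader cannot tell what to look for. Reword to "check that your custom configuration is not vulnerable to", add one sentence on what goes wrong with a name like foo.php.jpeg, and say what the FilesMatch or Files block should wrap, or point at the relevant lines of the php5_cgi snippet. "as base" should read "as a base".
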
Can we perhaps explain a bit more what the foo.php.jpeg attack is? The
last sentence already hints at it a bit, but I guess without a clear
explanation people may simply skip it.



> I think it became clear that we are stuck with no solution which would
> work for anyone
Do you agree... that we should work on some hopefully
general-everything-works framework for jessie?


Chris.
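
The difference the quoted text points at, as an added example that is not part of this message or of the Debian packaging: a simplified model of how an extension mapping such as `AddHandler ... .php` considers every extension in a file name, while a `FilesMatch` pattern anchored with `$` only looks at the last one, plus a small check that flags extension-based PHP mappings in a configuration. The handler name `php-fcgi`, the sample configuration and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample config; "php-fcgi" is a hypothetical handler name.
SAMPLE_CONFIG = """\
AddHandler php-fcgi .php
<FilesMatch "\\.php$">
    SetHandler php-fcgi
</FilesMatch>
AddType image/jpeg .jpeg
"""

def extensions(filename):
    """All extensions of a name: every dot-separated part after the first."""
    return [part.lower() for part in filename.split(".")[1:]]

def addhandler_selects(filename, ext="php"):
    """Simplified model of 'AddHandler <handler> .php': the mapping applies if
    ANY extension equals ext. Assumes no later extension has its own handler
    mapping, which holds for .jpeg (it only maps to a MIME type)."""
    return ext in extensions(filename)

def filesmatch_selects(filename, pattern=r"\.php$"):
    """<FilesMatch> applies its regex to the file name; the trailing $ limits
    the handling to the last extension."""
    return re.search(pattern, filename) is not None

# AddHandler/AddType lines whose handler or type mentions php.
RISKY = re.compile(r"^\s*(AddHandler|AddType)\s+\S*php\S*\s+\.?\w+", re.I)

def audit(config_text):
    """Return (line_number, line) for extension-based PHP mappings to review."""
    return [(n, line.strip())
            for n, line in enumerate(config_text.splitlines(), 1)
            if RISKY.match(line)]

if __name__ == "__main__":
    for name in ("foo.php", "foo.php.jpeg", "foo.jpeg"):
        print(name, addhandler_selects(name), filesmatch_selects(name))
    print(audit(SAMPLE_CONFIG))
```

With the extension mapping, an uploaded file that the application accepted as an image because its name ends in `.jpeg` would still be passed to the PHP handler; with the anchored `FilesMatch` it would not.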