[php-maint] Bug#687307: Fwd: Updating php5 to 5.4.4-5 broke FastCGI setup on my machine
Christoph Anton Mitterer
calestyo at scientia.net
Sun Oct 28 22:21:26 UTC 2012
On Fri, 2012-10-26 at 13:18 +0200, Ondřej Surý wrote:
> + It is also advised that
> + you check your custom configuration whether it's not vulnerable to
> + foo.php.jpeg attacks. The php5_cgi configuration snippet can be used
> + as base - it's important to use FilesMatch or Files directive to
> + limit the handling to the last extension.
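Review bot: "foo.php.jpeg attacks" in the first added sentence is named but never described, so a reader cannot tell what to look for in a custom configuration. State the risk directly instead of leaving it implied by the last sentence: a handler that is not limited to the last extension will treat a file named foo.php.jpeg as PHP. The phrase "check your custom configuration whether it's not vulnerable" would read better as "check that your custom configuration is not vulnerable", and the text should say where the php5_cgi configuration snippet is installed so it can actually be used as a base.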
Can we perhaps explain a bit more what the foo.php.jpeg attack is? The
last sentence already hints at it a bit... but I guess without a clear
explanation people may simply skip it.
> I think it became clear that we are stuck with no solution which would
> work for anyone
Do you agree... that we should work on some hopefully
general-everything-works framework for jessie?