[Secure-testing-team] register_globals on is not supported
Giuseppe Iuculano
giuseppe at iuculano.it
Tue Dec 23 10:49:31 UTC 2008
tags 508026 fixed-upstream
thanks
Hi,
Thijs Kinkhorst ha scritto:
> As it seems, upstream does already support running in register_globals=0 mode
> for a long time (according to their changelog since 2002...). Therefore I
> guess this bug would be fixed if the statement turning register_globals on
> was removed from the Apache configuration file. Of course this does need some
> thorough testing.
>
> When doing that, including the fix from this bug report aswell is a good idea
> since it can't hurt and will provide some extra protection for those running
> unsafe setups.
Upstream released a new version to fix this issue. In attachment the debdiff for
stable/testing/unstable with the trivial backported patch[1], and
register_globals off (not in stable).
I also tested phppgadmin with register_globals off, and I didn't find any
evidently problems.
I'm not a DD, so these need a review and an upload.
[1]http://github.com/xzilla/phppgadmin/commit/a4531f0f3345f92c721aaeae0226fea0b634aed4
Giuseppe.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: phppgadmin_4.0.1-3.2.debdiff
Url: http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081223/c6ea2327/attachment.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: phppgadmin_4.2.1-1.1.debdiff
Url: http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081223/c6ea2327/attachment-0001.txt
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: phppgadmin_4.2-1.1.debdiff
Url: http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081223/c6ea2327/attachment-0002.txt
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20081223/c6ea2327/attachment.pgp
More information about the Secure-testing-team
mailing list