diff options
| -rw-r--r-- | debian/php5-cgi.NEWS | 24 |
1 files changed, 12 insertions, 12 deletions
diff --git a/debian/php5-cgi.NEWS b/debian/php5-cgi.NEWS index 644fe09a1..b09baf305 100644 --- a/debian/php5-cgi.NEWS +++ b/debian/php5-cgi.NEWS @@ -1,8 +1,8 @@ php5 (5.4.4-5) unstable; urgency=low Please be aware that the mime-support package has dropped non-standard - definitions for PHP that might affect any systems using PHP 5 running - as CGI or FastCGI. The following definitions were dropped: + definitions for PHP, which might affect any systems using PHP 5
+ running as CGI or FastCGI. The following definitions were dropped:
application/x-httpd-php phtml pht php application/x-httpd-php-source phps @@ -14,19 +14,19 @@ php5 (5.4.4-5) unstable; urgency=low The php5-cgi package mitigates any known issues by creating a (dummy) apache2 module php5_cgi with a configuration containing handlers for all previously defined extensions. Even though we believe that this - configuration should keep your PHP scripts interpreted, it might be a + configuration should keep your PHP scripts working, it might be a
good idea to check your apache2 site-wide configuration as well as any specific PHP configuration for websites running on your system. - The new (dummy) php5_cgi configuration uses SetHandler directive and - thus it might interfere with your existing custom configuration like - FastCGI (mod_fcgid or mod_fastcgi). In that case please disable - php5_cgi module (a2dismod php5_cgi) to reenable the existing - functionality of your custom configuration. It is also advised that - you check your custom configuration whether it's not vulnerable to - foo.php.jpeg attacks. The php5_cgi configuration snippet can be used - as base - it's important to use FilesMatch or Files directive to - limit the handling to the last extension. + The new (dummy) php5_cgi configuration uses the SetHandler directive,
+ which might interfere with existing custom configurations such as
+ FastCGI (mod_fcgid or mod_fastcgi). If so, you can reenable the
+ existing functionality of your custom configuration by disabling the
+ php5_cgi module (a2dismod php5_cgi), but you are also advised to
+ check whether your custom configuration is vulnerable to foo.php.jpeg
+ attacks. The php5_cgi configuration snippet can be used as a base -
+ it's important to use the FilesMatch or Files directive to limit the
+ handling to the last extension.
As far as we know definitions from the mime-support packages are not used in any other webserver included in Debian, but it might affect |