path: root/debian/php5-cgi.NEWS
blob: 8dc361e108b1189a4a0592679fde39838ea6f02d
php5 (5.4.4-5) unstable; urgency=low

 Please be aware that the mime-support package has dropped non-standard
 definitions for PHP, which might affect any systems using PHP 5
 running as CGI or FastCGI.  The following definitions were dropped:
 
  application/x-httpd-php                        phtml pht php
  application/x-httpd-php-source                 phps
  application/x-httpd-php3                       php3
  application/x-httpd-php3-preprocessed          php3p
  application/x-httpd-php4                       php4
  application/x-httpd-php5                       php5

 The php5-cgi package mitigates any known issues by creating a (dummy)
 apache2 module php5_cgi with a configuration containing handlers for
 all previously defined extensions.  Even though we believe that this
 configuration should keep your PHP scripts working, it might be a
 good idea to check your apache2 site-wide configuration as well as
 any specific PHP configuration for websites running on your system.

 The new (dummy) php5_cgi configuration uses the SetHandler directive,
 which might interfere with existing custom configurations such as
 FastCGI (mod_fcgid or mod_fastcgi).  If so, you can re-enable the
 existing functionality of your custom configuration by disabling the
 php5_cgi module (a2dismod php5_cgi), but you are also advised to
 check whether your custom configuration is vulnerable to foo.php.jpeg
 attacks.  The php5_cgi configuration snippet can be used as a base;
 it is important to use the FilesMatch or Files directive to limit the
 handling to the last extension.

 As far as we know, definitions from the mime-support package are not
 used in any other web server included in Debian, but the change might
 affect any application which relies on system MIME types to interpret
 PHP files.

 -- Ondřej Surý <ondrej@debian.org>  Wed, 15 Aug 2012 10:31:31 +0200
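
The check the entry advises for custom configurations, as an added example (not part of the php5-cgi package or its php5_cgi snippet): it flags AddHandler/AddType lines that map PHP extensions through mod_mime, which treats every dot-separated part of a file name as an extension, and contrasts that with a FilesMatch pattern anchored on the last extension. The sample configuration, the function names and the `\.php$` pattern are assumptions made for illustration.

```python
import re

# Extensions from the dropped mime-support definitions that mapped to PHP execution.
PHP_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht"}
DIRECTIVE = re.compile(r"^\s*(AddHandler|AddType)\s+(\S+)\s+(.+)$", re.I)

def mod_mime_matches(filename, exts=PHP_EXTS):
    """mod_mime view: every dot-separated part after the base name is an extension."""
    return any(part in exts for part in filename.lower().split(".")[1:])

def filesmatch_matches(filename, pattern=r"\.php$"):
    """FilesMatch view: the regex is applied to the file name; '$' pins the last extension."""
    return re.search(pattern, filename) is not None

def audit(config_text):
    """Return (line_no, directive) for mod_mime mappings that hand PHP extensions to a handler."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, target, ext_list = m.groups()
        if directive.lower() == "addtype" and not target.lower().startswith("application/x-httpd-php"):
            continue  # an AddType for some other media type does not execute PHP
        if {e.lstrip(".").lower() for e in ext_list.split()} & PHP_EXTS:
            findings.append((line_no, line.strip()))
    return findings

# Constructed sample of a custom FastCGI site configuration (not from the package).
SAMPLE_CONF = r"""# custom site configuration
AddHandler fcgid-script .php
AddType application/x-httpd-php .php .phtml
<FilesMatch "\.php$">
    SetHandler fcgid-script
</FilesMatch>
"""

if __name__ == "__main__":
    for line_no, directive in audit(SAMPLE_CONF):
        print(f"line {line_no}: matches on any extension: {directive}")
    for name in ("index.php", "foo.php.jpeg", "photo.jpeg"):
        print(f"{name:14} mod_mime={mod_mime_matches(name)} FilesMatch={filesmatch_matches(name)}")
```

Lines the audit reports are candidates for replacement with a SetHandler inside a FilesMatch or Files block, as the entry recommends.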