Oh and one more thing (even though this is PHP unrelated): Maybe I misunderstand something but it seems both:

libapache2-mod-fcgid, which uses:

    <IfModule mod_fcgid.c>
      AddHandler fcgid-script .fcgi
      FcgidConnectTimeout 20
    </IfModule>

and libapache2-mod-fastcgi, which uses:

    <IfModule mod_fastcgi.c>
      AddHandler fastcgi-script .fcgi
      #FastCgiWrapper /usr/lib/apache2/suexec
      FastCgiIpcDir /var/lib/apache2/fastcgi
    </IfModule>

are highly vulnerable to the evil.fcgi.jpeg issue... Can you confirm this? Cause then we need to open some critical bugs.

Cheers,
Chris.
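The mapping style quoted in the message beside a stricter alternative, as an added configuration example that is not part of the original message or of either package's shipped files. mod_mime considers every dot-separated extension in a filename, so an `AddHandler ... .fcgi` mapping also applies to a name such as evil.fcgi.jpeg; a `FilesMatch` anchored on the final extension does not.

```apache
# Added example, not taken from either package. Use one form per module, not both.

# --- Extension mapping as quoted in the message --------------------------
# mod_mime checks each dot-separated extension of the filename, so this
# handler is applied to app.fcgi and also to evil.fcgi.jpeg.
<IfModule mod_fcgid.c>
    AddHandler fcgid-script .fcgi
    FcgidConnectTimeout 20
</IfModule>

# --- Stricter alternative for mod_fcgid -----------------------------------
# The handler is set only when the filename ends in .fcgi, so
# evil.fcgi.jpeg is served as a static file.
<IfModule mod_fcgid.c>
    <FilesMatch "\.fcgi$">
        SetHandler fcgid-script
    </FilesMatch>
    FcgidConnectTimeout 20
</IfModule>

# --- Stricter alternative for mod_fastcgi ---------------------------------
<IfModule mod_fastcgi.c>
    <FilesMatch "\.fcgi$">
        SetHandler fastcgi-script
    </FilesMatch>
    #FastCgiWrapper /usr/lib/apache2/suexec
    FastCgiIpcDir /var/lib/apache2/fastcgi
</IfModule>
```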