Hi,
* Giuseppe Iuculano <[email protected]> [2008-12-23 14:50]:
> Thijs Kinkhorst wrote:
> > As it seems, upstream does already support running in register_globals=0 mode
> > for a long time (according to their changelog since 2002...). Therefore I
> > guess this bug would be fixed if the statement turning register_globals on
> > was removed from the Apache configuration file. Of course this does need some
> > thorough testing.
> >
> > When doing that, including the fix from this bug report as well is a good idea
> > since it can't hurt and will provide some extra protection for those running
> > unsafe setups.
>
> Upstream released a new version to fix this issue. In attachment the debdiff for
> stable/testing/unstable with the trivial backported patch[1], and
> register_globals off (not in stable).
>
> I also tested phppgadmin with register_globals off, and I didn't find any
> evident problems.
>
> I'm not a DD, so these need a review and an upload.

I take care of sponsoring the upload for unstable. For stable security the
version looks wrong to me, please use 4.0.1-3.1etch1.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - [email protected] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

