Source: php5 Version: 5.4.4-15 Severity: important Tags: security
Hi. I just noted by chance on an upgrade, that the following files were automatically added back Only in /etc/php5/cgi/conf.d: 20-pdo_pgsql.ini Only in /etc/php5/cgi/conf.d: 20-pgsql.ini Only in /etc/php5/conf.d: 20-pdo_pgsql.ini Only in /etc/php5/conf.d: 20-pgsql.ini which I've had disabled before. IMHO that shouldn't happen... actually I think, that it would even be better, if _no_ modules are automatically loaded... auto-magic stuff is nice for out-of-the-box games, but not for serious and secure administration :) ... perhaps a release goal for jessie?! ;) I mark this as important/security, as unintentionally enabling a module in the "global" /etc/php5/conf.d could be an issue if that is e.g. security critical and was intentionally only enabled in e.g. SSL client auth secured URI spaces. Thanks, Chris. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
