Package: php5-suhosin
Version: 0.9.27-1
Severity: critical
Justification: breaks unrelated software

Suhosin nulls the parameters of a very large mysql update resulting in null values being submitted to the database, where data was expected.

It seems more reasonable that Suhosin would instead kill the update queries if it considers them to be an attack. And log it so the admin can make appropriate changes.

As it is, it is highly destructive, and not immediately apparent when suhosin is first installed/updated. It only appears later when the end-users generate a large enough update. A ticking time bomb for the database.

This has been certainly more destructive to me in the last week, than any "attack" in the last 10 years.

Until this is resolved I would suggest Suhosin be enabled in simulation mode by default.

Thank you,
David

-- System Information:
Debian Release: 5.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.18.8-linode16 (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages php5-suhosin depends on:
ii  libapache2-mod-php 5.2.6.dfsg.1-1+lenny2 server-side, HTML-embedded scripti
ii  libc6              2.7-18                GNU C Library: Shared libraries
ii  php5-cli [phpapi-2 5.2.6.dfsg.1-1+lenny2 command-line interpreter for the p

php5-suhosin recommends no packages.

php5-suhosin suggests no packages.

-- no debconf information