Package: php5-suhosin Version: 0.9.31-1 Severity: normal Suhosin is now installed and enabled by default. So "1. if anybody installes a php security module, the documentation should be read" no longer applies.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=575912 It seems certain defaults are very low. Could those defaults be increased? May 7 13:03:46 xwis suhosin[6142]: ALERT - configured request variable total name length limit exceeded - dropped variable 'rows_to_delete[%60xw_ladders%60.%60gsku%60+%3D+31+AND+%60xw_ladders%60.%60trny%60+%3D+0+AND+%60xw_ladders%60.%60lid%60+%3D+5+AND+%60xw_ladders%60.%60max_wins%60+%3D+0+AND+%60xw_ladders%60.%60min_dura%60+%3D+90+AND+%60xw_ladders%60.%60min_plrs%60+%3D+2+AND+%60xw_ladders%60.%60max_plrs%60+%3D+2]' (attacker '82.171.102.67', file '/usr/share/phpmyadmin/tbl_row_action.php') The 'attacker' would be me. Better (more neutral) wording might be appropriate. Why doesn't Suhosin abort this request instead of dropping some input arguments? Olaf -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (500, 'testing'), (1, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 2.6.32-3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages php5-suhosin depends on: ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii php5-cgi [phpapi-20090626] 5.3.2-1 server-side, HTML-embedded scripti ii php5-cli [phpapi-20090626] 5.3.2-1 command-line interpreter for the p php5-suhosin recommends no packages. php5-suhosin suggests no packages. -- no debconf information -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
