Package: php5-suhosin
Version: 0.9.32.1-1
Severity: grave
Justification: causes non-serious data loss


To reproduce this bug:
1. Take a fresh copy of Debian Squeeze
2. Install apache2-mpm-prefork, libapache2-mod-php5 and php5-xcache
3. Run apache2ctl stop, apache2ctl start to take you to the starting point
4. Create a PHP script that stores session data (session_start(), 
$_SESSION['foo'] = "bar";)
5. The session data is written encrypted in /lib/var/php5.
6. Restart apache with apache2ctl restart.
7. Try to read $_SESSION with session_start(). Decryption will fail and no 
session data will be displayed. The content in the session file is deleted due 
to the saving of an empty session.
8. Write session data again. This time the session data is stored unencrypted.
9. Restart the system with apache2ctl stop, apache2ctl start. Now the system 
can't read the unencrypted session data and the data is erased again.

The problem only occurs with php5-xcache installed.


-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-042stab048.1 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash

Versions of packages php5-suhosin depends on:
ii  libapache2-mod-php5 [ph 5.3.3-7+squeeze6 server-side, HTML-embedded scripti
ii  libc6                   2.11.3-2         Embedded GNU C Library: Shared lib
ii  php5-cli [phpapi-200906 5.3.3-7+squeeze6 command-line interpreter for the p

php5-suhosin recommends no packages.

php5-suhosin suggests no packages.

-- no debconf information
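
An added diagnostic for observing steps 5 to 9, not part of the original report: run it against the session directory after each step to see whether a session file is empty, plaintext PHP-serialized, or opaque. The function names are hypothetical, the `sess_` prefix is the PHP files-handler naming, and treating any non-serialized content as the encrypted form is an assumption.

```shell
#!/bin/sh
# Added example: classify PHP session files by content so the state changes
# described in the reproduction steps can be observed after each restart.

# PHP's default "php" session serializer writes entries as
#   name|serialized-value      e.g.  foo|s:3:"bar";
# A file that starts like that is readable plaintext. Anything else with
# content is reported as "opaque" (assumed here to be the encrypted form).
classify_session_file() {
    f=$1
    if [ ! -s "$f" ]; then
        echo empty
    elif LC_ALL=C grep -Eq '^[A-Za-z_][A-Za-z0-9_]*\|([abdisOC]:|N;)' "$f"; then
        echo plaintext
    else
        echo opaque
    fi
}

# Print "<state><TAB><file name>" for every sess_* file in a directory.
scan_session_dir() {
    for f in "$1"/sess_*; do
        [ -e "$f" ] || continue
        printf '%s\t%s\n' "$(classify_session_file "$f")" "${f##*/}"
    done
}

# Usage: sh scan_sessions.sh <session directory>
if [ $# -gt 0 ]; then
    scan_session_dir "$1"
fi
```

A file that moves from opaque to empty to plaintext across the restarts matches the behaviour described in steps 5, 7 and 8.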
