Package: phpldapadmin
Version: 1.2.0.5-1
Severity: serious
Tags: security
Justification: requiring rg on not supported by security team
Hi,
The file debian/conf/apache.conf sets PHP's register_globals setting to On:
php_flag register_globals On
The Debian Security Team does not support configurations that require this
dangerous setting to be on. For the record, the setting has defaulted to
off in PHP since years and has been deprecated by PHP upstream.
I cannot find a requirement in the upstream documentation that this
setting needs to be on, so probably it can just be removed from the
shipped config file.
Cheers,
Thijs
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
