Your message dated Thu, 29 Jul 2010 11:32:37 +0000
with message-id <e1oerlp-00068u...@franck.debian.org>
and subject line Bug#587536: fixed in phpldapadmin 1.2.0.5-1.1
has caused the Debian Bug report #587536,
regarding phpldapadmin: ships Apache configuration setting PHP register_globals On
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
587536: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587536
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: phpldapadmin
Version: 1.2.0.5-1
Severity: serious
Tags: security
Justification: requiring rg on not supported by security team
Hi,
The file debian/conf/apache.conf sets PHP's register_globals setting to On:
php_flag register_globals On
The Debian Security Team does not support configurations that require this
dangerous setting to be on. For the record, the setting has defaulted to
off in PHP for years and has been deprecated by PHP upstream.
I cannot find a requirement in the upstream documentation that this
setting needs to be on, so probably it can just be removed from the
shipped config file.
Cheers,
Thijs
-- System Information:
Debian Release: 5.0.5
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=nl_NL.UTF-8, LC_CTYPE=nl_NL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: phpldapadmin
Source-Version: 1.2.0.5-1.1
We believe that the bug you reported is fixed in the latest version of
phpldapadmin, which is due to be installed in the Debian FTP archive:
phpldapadmin_1.2.0.5-1.1.diff.gz
to main/p/phpldapadmin/phpldapadmin_1.2.0.5-1.1.diff.gz
phpldapadmin_1.2.0.5-1.1.dsc
to main/p/phpldapadmin/phpldapadmin_1.2.0.5-1.1.dsc
phpldapadmin_1.2.0.5-1.1_all.deb
to main/p/phpldapadmin/phpldapadmin_1.2.0.5-1.1_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 587...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Nico Golde <n...@debian.org> (supplier of updated phpldapadmin package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Tue, 27 Jul 2010 13:00:52 +0200
Source: phpldapadmin
Binary: phpldapadmin
Architecture: source all
Version: 1.2.0.5-1.1
Distribution: unstable
Urgency: high
Maintainer: Fabio Tranchitella <kob...@debian.org>
Changed-By: Nico Golde <n...@debian.org>
Description:
phpldapadmin - web based interface for administering LDAP servers
Closes: 587536
Changes:
phpldapadmin (1.2.0.5-1.1) unstable; urgency=high
.
* Non-maintainer upload by the Security Team.
* Switch off register_globals in debian apache configuration, looking
at the phpldapadmin changelog entries that contain fixes for bugs that
appeared with register_globals off it seems it is intended to be able
to work with that. Since this is a security problem and not supported
by PHP for years this setting will now be changed (Closes: #587536).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkxOv/YACgkQHYflSXNkfP8AlQCdE23fS2ZmvN4cZB6KXF136/TR
mx8An2E1cxqWhg5/e9Qxk4pIl+fERmMh
=CPSB
-----END PGP SIGNATURE-----
--- End Message ---
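
An audit check for the setting this report is about, as an added example (not part of the original messages or of the Debian packaging): it scans Apache configuration text for mod_php directives that enable register_globals. The sample configurations and the path in them are constructed, and treating on/1/yes/true as enabling is a broad assumption made here.

```python
import re

# mod_php directives that can set an ini option from Apache config or .htaccess.
DIRECTIVE = re.compile(
    r"^\s*(php_(?:admin_)?(?:flag|value))\s+register_globals\s+(\S+)",
    re.IGNORECASE,
)
# Values this example treats as enabling (a deliberately broad assumption).
TRUTHY = {"on", "1", "yes", "true"}

# Constructed sample configs; only the php_flag line comes from the report.
SAMPLE_BEFORE = """\
<Directory /srv/example/htdocs/>
    DirectoryIndex index.php
    <IfModule mod_php5.c>
        php_flag register_globals On
    </IfModule>
</Directory>
"""
SAMPLE_AFTER = """\
<Directory /srv/example/htdocs/>
    <IfModule mod_php5.c>
        # php_flag register_globals On
        php_flag register_globals Off
    </IfModule>
</Directory>
"""


def find_register_globals(conf_text):
    """Return (line_no, directive, value, enabled) per uncommented setting."""
    hits = []
    for no, line in enumerate(conf_text.splitlines(), start=1):
        m = DIRECTIVE.match(line)  # commented lines start with '#', so no match
        if m:
            value = m.group(2).strip("\"'")
            hits.append((no, m.group(1).lower(), value, value.lower() in TRUTHY))
    return hits


def is_unsafe(conf_text):
    """True if any uncommented directive switches register_globals on."""
    return any(enabled for *_, enabled in find_register_globals(conf_text))


if __name__ == "__main__":
    for name, conf in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, "UNSAFE" if is_unsafe(conf) else "ok", find_register_globals(conf))
```

The same function can be pointed at any shipped Apache snippet or .htaccess file by reading it into a string first.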