Your message dated Fri, 26 Oct 2012 09:34:19 +0000
with message-id <e1trgj1-0005xy...@franck.debian.org>
and subject line Bug#690413: fixed in php5 5.4.4-8
has caused the Debian Bug report #690413,
regarding PHP source disclosure after dist-upgrade from squeeze
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
690413: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=690413
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: libapache2-mod-php5filter
Version: 5.4.4-7
Severity: grave
File: /etc/apache2/mods-available/php5filter.conf
Tags: security

Hi,

I just tested a dist-upgrade from squeeze -> wheezy on a system that was
using libapache2-mod-php5 to run conventionally-named .php scripts.

Immediately after upgrading, the source code of a file named index.php
would be served as text, instead of being executed as a PHP script.

Obviously this is related to the MIME type change.  But the FilesMatch
statements in /etc/apache2/mods-enabled/php5filter.conf didn't seem to
have any effect.  This was apparently due to the <IfModule mod_php5.c>
clause not matching;  I commented out the IfModule lines in that file,
and then it worked as intended.

I'm not sure why that might be (is the php5 filter module named
something other than mod_php5.c now?) but I wonder if it is safer to
just omit the IfModule clause, because the existence of the
php5filter.conf file already implies that mod_php5 is loaded.

Filing with RC-severity because AFAIK this breaks a mod_php5-based
webserver on upgrade, and discloses potentially sensitive source code.

Thanks.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: kfreebsd-amd64 (x86_64)

Kernel: kFreeBSD 9.0-2-amd64
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libapache2-mod-php5filter depends on:
ii  apache2-mpm-prefork  2.2.22-11
ii  apache2.2-common     2.2.22-11
ii  libbz2-1.0           1.0.6-4
ii  libc0.1              2.13-35
ii  libcomerr2           1.42.5-1
ii  libdb5.1             5.1.29-5
ii  libgssapi-krb5-2     1.10.1+dfsg-2
ii  libk5crypto3         1.10.1+dfsg-2
ii  libkrb5-3            1.10.1+dfsg-2
ii  libmagic1            5.11-2
ii  libonig2             5.9.1-1
ii  libpcre3             1:8.30-5
ii  libqdbm14            1.8.78-2
ii  libssl1.0.0          1.0.1c-4
ii  libxml2              2.8.0+dfsg1-5
ii  mime-support         3.52-1
ii  php5-common          5.4.4-7
ii  tzdata               2012c-1
ii  ucf                  3.0025+nmu3
ii  zlib1g               1:1.2.7.dfsg-13

libapache2-mod-php5filter recommends no packages.

Versions of packages libapache2-mod-php5filter suggests:
pn  php-pear  <none>

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: php5
Source-Version: 5.4.4-8

We believe that the bug you reported is fixed in the latest version of
php5, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ondřej Surý <ond...@debian.org> (supplier of updated php5 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 25 Oct 2012 13:23:08 +0200
Source: php5
Binary: php5 php5-common libapache2-mod-php5 libapache2-mod-php5filter php5-cgi 
php5-cli php5-fpm libphp5-embed php5-dev php5-dbg php-pear php5-curl 
php5-enchant php5-gd php5-gmp php5-imap php5-interbase php5-intl php5-ldap 
php5-mcrypt php5-mysql php5-mysqlnd php5-odbc php5-pgsql php5-pspell 
php5-recode php5-snmp php5-sqlite php5-sybase php5-tidy php5-xmlrpc php5-xsl
Architecture: source amd64 all
Version: 5.4.4-8
Distribution: unstable
Urgency: low
Maintainer: Debian PHP Maintainers <pkg-php-ma...@lists.alioth.debian.org>
Changed-By: Ondřej Surý <ond...@debian.org>
Description: 
 libapache2-mod-php5 - server-side, HTML-embedded scripting language (Apache 2 module)
 libapache2-mod-php5filter - server-side, HTML-embedded scripting language (apache 2 filter mo
 libphp5-embed - HTML-embedded scripting language (Embedded SAPI library)
 php-pear   - PEAR - PHP Extension and Application Repository
 php5       - server-side, HTML-embedded scripting language (metapackage)
 php5-cgi   - server-side, HTML-embedded scripting language (CGI binary)
 php5-cli   - command-line interpreter for the php5 scripting language
 php5-common - Common files for packages built from the php5 source
 php5-curl  - CURL module for php5
 php5-dbg   - Debug symbols for PHP5
 php5-dev   - Files for PHP5 module development
 php5-enchant - Enchant module for php5
 php5-fpm   - server-side, HTML-embedded scripting language (FPM-CGI binary)
 php5-gd    - GD module for php5
 php5-gmp   - GMP module for php5
 php5-imap  - IMAP module for php5
 php5-interbase - interbase/firebird module for php5
 php5-intl  - internationalisation module for php5
 php5-ldap  - LDAP module for php5
 php5-mcrypt - MCrypt module for php5
 php5-mysql - MySQL module for php5
 php5-mysqlnd - MySQL module for php5 (Native Driver)
 php5-odbc  - ODBC module for php5
 php5-pgsql - PostgreSQL module for php5
 php5-pspell - pspell module for php5
 php5-recode - recode module for php5
 php5-snmp  - SNMP module for php5
 php5-sqlite - SQLite module for php5
 php5-sybase - Sybase / MS SQL Server module for php5
 php5-tidy  - tidy module for php5
 php5-xmlrpc - XML-RPC module for php5
 php5-xsl   - XSL module for php5
Closes: 687031 690173 690413
Changes: 
 php5 (5.4.4-8) unstable; urgency=low
 .
   * Remove IfModule to always interpret PHP if the module is enabled
     (Closes: #690413)
   * Fix extended DES crypt() when salt != 9 (Closes: #687031)
   * Fix libphp5-embed linking (Closes: #690173):
     + Expose all installed (and not built time) SAPIs via php-config
       --php-sapis
     + Add /usr/lib/php5 to php-config --ldflags output to allow linking
       with libphp5.so
     + Remove useless libtool file in libphp5-embed
   * Add new lintian-overrides for libphp5-embed
Checksums-Sha1: 
Checksums-Sha256: 
Files: 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlCKVa8ACgkQ9OZqfMIN8nOSFwCgrKjXJW+box0PY54VbtRaNNEH
WgMAoJCsxHQttg8KvGlYsOE14YZxEAor
=xqfl
-----END PGP SIGNATURE-----

--- End Message ---
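
The report traces the disclosure to PHP directives wrapped in an `<IfModule>` that did not match, and the 5.4.4-8 changelog removes that wrapper. The following is an added example, not code from the report or from the php5 package: a small linter that lists PHP directives which silently stop applying when their `<IfModule>` guard fails. The sample configurations are constructed, and the directive names used for the filter SAPI are an assumption.

```python
import re

# Constructed samples (assumptions): the layout the report describes, not the
# packaged php5filter.conf. The SetOutputFilter/SetInputFilter lines stand in
# for whatever directives the real file uses to hand .php files to PHP.
GUARDED = r'''<IfModule mod_php5.c>
    <FilesMatch "\.ph(p3?|tml)$">
        SetOutputFilter PHP
        SetInputFilter PHP
    </FilesMatch>
</IfModule>
'''
UNGUARDED = r'''<FilesMatch "\.ph(p3?|tml)$">
    SetOutputFilter PHP
    SetInputFilter PHP
</FilesMatch>
'''

OPEN = re.compile(r'<\s*(\w+)\s*([^>]*)>')
CLOSE = re.compile(r'</\s*(\w+)\s*>')

def guarded_php_directives(conf_text):
    """Return (line_no, directive, guard) for every directive inside a PHP
    <Files>/<FilesMatch> block that only applies if an <IfModule> matches."""
    stack, findings = [], []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        if CLOSE.fullmatch(line):
            if stack:
                stack.pop()          # leave the innermost open section
            continue
        m = OPEN.fullmatch(line)
        if m:
            stack.append((m.group(1).lower(), m.group(2).strip()))
            continue
        # Plain directive: is it in a PHP file match, and is that match guarded?
        in_php = any(n in ('files', 'filesmatch') and '.ph' in a.lower()
                     for n, a in stack)
        guards = [a for n, a in stack if n == 'ifmodule']
        if in_php and guards:
            findings.append((no, line, guards[-1]))
    return findings

if __name__ == '__main__':
    for name, text in (('guarded', GUARDED), ('unguarded', UNGUARDED)):
        for no, directive, guard in guarded_php_directives(text):
            print(f'{name}:{no}: "{directive}" depends on <IfModule {guard}>')
```

A finding is not proof of disclosure; it marks a directive whose effect depends on the guard matching, which is the condition to verify after an upgrade.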
