severity 661020 normal
thanks

Hi,

> From what I see the remote file inclusion is limited to environments with
> register_globals being on though.

I've investigated this issue. The vast majority of the mentioned 'attacks'
are evidently only possible through register_globals, and the one about
'create' is very vague and not reproducible for me.

register_globals is in 2014 no longer anything that anyone should still be
running, and is explicitly marked as unsupported for many releases now.
Add to this that these kinds of tools are not normally operated by
untrusted users or exposed to the internet.

I'm downgrading the bug for now. It would be nice if the maintainer could
comment on it.


Cheers,
Thijs

