Package: libapache2-mod-php5 Severity: wishlist
Hi, while revisiting the latest Typo3 problem, I found that Debian ships with allow_url_fopen = On I suggest that this be changed to allow_url_fopen = Off to reduce the change of PHP applications being exploited, and, if you really need to, place a big flashing warning around it to warn users from changing it to "On" again. Kind regards, --Toni++ -- System Information: Debian Release: squeeze/sid APT prefers testing APT policy: (990, 'testing'), (250, 'unstable'), (50, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.32-4-686-bigmem (SMP w/4 CPU cores) Locale: LANG=de_DE.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages libapache2-mod-php5 depends on: pn apache2-mpm-pre <none> (no description available) ii apache2.2-commo 2.2.15-3 Apache HTTP Server common files ii libbz2-1.0 1.0.5-4 high-quality block-sorting file co ii libc6 2.10.2-6 Embedded GNU C Library: Shared lib ii libcomerr2 1.41.11-1 common error description library ii libdb4.6 4.6.21-16 Berkeley v4.6 Database Libraries [ ii libkrb53 1.6.dfsg.4~beta1-5lenny2 MIT Kerberos runtime libraries ii libmagic1 5.04-2 File type determination library us ii libpcre3 7.8-3 Perl 5 Compatible Regular Expressi ii libssl0.9.8 0.9.8n-1 SSL shared libraries ii libxml2 2.7.7.dfsg-2 GNOME XML library ii mime-support 3.48-1 MIME files 'mime.types' & 'mailcap ii php5-common 5.3.2-1 Common files for packages built fr ii tzdata 2010i-1 time zone and daylight-saving time ii ucf 3.0025 Update Configuration File: preserv ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime libapache2-mod-php5 recommends no packages. Versions of packages libapache2-mod-php5 suggests: ii php-pear 5.3.2-1 PEAR - PHP Extension and Applicati -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org