Published a slightly improved version now:
https://gitweb.gentoo.org/proj/gentoo-news.git/tree/2015/2015-04-06-apache-addhandler-addtype
If there's anything wrong with it, please mail me directly (or put me in
CC) so there is zero chance of slipping through. Thanks!
Best,
Sebastian
Next round:
* Recipe for handling \.(php|php5|phtml|phps)\. manually added
* AddType (with similar problems) mentioned, too
* Typo momment fixed
(* Internel revision bump to 3, will be committed as revision 1)
(* Date bumped to today)
(* Links renumbered due to new link [2])
On 03/26/2015 12:56 PM, Sebastian Pipping wrote:
Why this news entry?
The most important reason is missing =)
If you are relying on the AddHandler behavior to execute
secret_database_stuff.php.inc, then once the change is made, Apache will
begin serving up your database credentials in plain
Hi!
In context of
https://bugs.gentoo.org/show_bug.cgi?id=538822
mjo and agreed that a portage news item would be a good idea.
Please review my proposal below. Thank you!
Best,
Sebastian
===
Title: Apache AddHandler vulnerability
* Sebastian Pipping schrieb am 26.03.15 um 19:15 Uhr:
As of the momment, affected packages include:
^
Typo
--
0x35A64134 - 8AAC 5F46 83B4 DB70 8317
3723 296C 6CCA 35A6 4134
signature.asc
Description: Digital signature
On 26.03.2015 18:02, Michael Orlitzky wrote:
The most important reason is missing =)
If you are relying on the AddHandler behavior to execute
secret_database_stuff.php.inc, then once the change is made, Apache will
begin serving up your database credentials in plain text.
Good point.
On 26.03.2015 20:50, Marc Schiffbauer wrote:
* Sebastian Pipping schrieb am 26.03.15 um 19:15 Uhr:
As of the momment, affected packages include:
^ Typo
Thanks. Fixed in my local copy. No need to re-paste, I believe.
Best,
Sebastian
