--cDtQGJ/EJIRf/Cpq
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Hello,
On Wed, May 09, 2012 at 05:26:35PM +0100, Adam Spiers wrote:
> I see a couple of scans in my logs from a few days ago. Am I right in
> thinking the only Debian fix available is in sid?
I haven't looked into it much as I don't run PHP in CGI mode
anywhere (FastCGI is OK), but it seems that this is the case.
http://security-tracker.debian.org/tracker/CVE-2012-1823
Note that there is a workaround described in
> > http://blog.sucuri.net/2012/05/php-cgi-vulnerability-exploited-in-the-w=
ild.html
which blocks requests that have query strings that start with '-'.
Cheers,
Andy
--=20
http://bitfolk.com/ -- No-nonsense VPS hosting
--cDtQGJ/EJIRf/Cpq
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEAREDAAYFAk+qpJoACgkQIJm2TL8VSQuiuwCfRJ1msz7nofYsbJyyzrZK0xK2
OlcAoPbvrM4pednwn3j3HmHl1wBklebu
=E6Ug
-----END PGP SIGNATURE-----
--cDtQGJ/EJIRf/Cpq--
From ian@??? Wed May 09 17:18:05 2012
Received: from semi-divine.com ([85.119.83.38] helo=topcat.semi-divine.com)
by mail.bitfolk.com with esmtp (Exim 4.72)
(envelope-from <ian@???>) id 1SSAWb-0007Kb-9U
for users@???; Wed, 09 May 2012 17:18:05 +0000
Received: from mail-pz0-f48.google.com (mail-pz0-f48.google.com
[209.85.210.48])
by topcat.semi-divine.com (Postfix) with ESMTPSA id ABC1584492
for <users@???>; Wed, 9 May 2012 17:18:02 +0000 (UTC)
Received: by dadz8 with SMTP id z8so677924dad.21
for <users@li
