544576 – www-apache/mod_fastcgi: Uses insecure AddHandler directive

Bug 544576 - www-apache/mod_fastcgi: Uses insecure AddHandler directive

Summary: www-apache/mod_fastcgi: Uses insecure AddHandler directive

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	544560
	Show dependency tree

Reported:	2015-03-26 16:12 UTC by Sebastian Pipping
Modified:	2016-10-01 07:56 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Pipping gentoo-dev

2015-03-26 16:12:59 UTC

# fgrep -R AddHandler .
./files/20_mod_fastcgi.conf:AddHandler fastcgi-script fcg fcgi fpl

Please see bug #538822 for why that is a problem and for a proposed fixed.

Thank you!

Comment 1 Sebastian Pipping gentoo-dev

2016-08-10 18:59:56 UTC

I see these potential alternatives in Gentoo:

 * www-apache/mod_fcgid

 * APACHE2_MODULES=proxy_fcgi  or   www-apache/mod_proxy_fcgi

 * www-apache/mod_fastcgi_handler

As the fix is tricky, we may well just tree-clean this package?  It's not free software as I read the license, anyway.

Comment 2 Pacho Ramos gentoo-dev

2016-08-10 19:17:57 UTC

Yeah, treecleaners are already CCed in another bug related with this package, but I still didn't have time to treeclean it :| (of course, you are free to go ahead either masking this one for removal or, even better, joining treecleaners to help us)

Thanks

Comment 3 Pacho Ramos gentoo-dev

2016-10-01 07:56:05 UTC

removed