Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
Matt Zimmerman <mdz@debian.org> writes:
> Package : php4
> Vulnerability : several
> Problem-Type : remote
> Debian-specific: no
> CVE Ids : CAN-2004-0594 CAN-2004-0595
>
> [...]
>
> For the current stable distribution (woody), these problems have been
> fixed in version 4.1.2-7.
Why has a new Debian version been introduced? Previous security fixes
followed a numbering scheme 4.1.2-6woody$i, the last version being
4.1.2-6woody3.
Moreover, php4-curl 4.1.2-7 depends on libcurl2-ssl, where php4-curl
4.1.2-6woody3 depended on libcurl2. I haven't seen anything break on
my machines so far, but I consider this a substantial change for which
I see no connection to the security fixes.
-Hilko
Reply to: