Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
Matt Zimmerman <firstname.lastname@example.org> writes:
> Package : php4
> Vulnerability : several
> Problem-Type : remote
> Debian-specific: no
> CVE Ids : CAN-2004-0594 CAN-2004-0595
> For the current stable distribution (woody), these problems have been
> fixed in version 4.1.2-7.
Why has a new Debian version been introduced? Previous security fixes
followed a numbering scheme 4.1.2-6woody$i, the last version being
Moreover, php4-curl 4.1.2-7 depends on libcurl2-ssl, where php4-curl
4.1.2-6woody3 depended on libcurl2. I haven't seen anything break on
my machines so far, but I consider this a substantial change for which
I see no connection to the security fixes.