
Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities



Matt Zimmerman <mdz@debian.org> writes:

> Package        : php4
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE Ids        : CAN-2004-0594 CAN-2004-0595
>
> [...]
>
> For the current stable distribution (woody), these problems have been
> fixed in version 4.1.2-7.

Why has a new Debian version been introduced? Previous security fixes
followed a numbering scheme 4.1.2-6woody$i, the last version being
4.1.2-6woody3.

Moreover, php4-curl 4.1.2-7 depends on libcurl2-ssl, where php4-curl
4.1.2-6woody3 depended on libcurl2. I haven't seen anything break on
my machines so far, but I consider this a substantial change for which
I see no connection to the security fixes.

-Hilko


