[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities

Matt Zimmerman <mdz@debian.org> writes:

> Package        : php4
> Vulnerability  : several
> Problem-Type   : remote
> Debian-specific: no
> CVE Ids        : CAN-2004-0594 CAN-2004-0595
> [...]
> For the current stable distribution (woody), these problems have been
> fixed in version 4.1.2-7.

Why has a new Debian version been introduced? Previous security fixes
followed a numbering scheme 4.1.2-6woody$i, the last version being

Moreover, php4-curl 4.1.2-7 depends on libcurl2-ssl, where php4-curl
4.1.2-6woody3 depended on libcurl2. I haven't seen anything break on
my machines so far, but I consider this a substantial change for which
I see no connection to the security fixes.


Reply to: