
Re: [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities

Matt Zimmerman <mdz@debian.org> writes:

> On Thu, Jul 22, 2004 at 04:25:30PM +0200, Hilko Bengen wrote:
>> Why has a new Debian version been introduced? Previous security
>> fixes followed a numbering scheme 4.1.2-6woody$i, the last version
>> being 4.1.2-6woody3.
> That scheme is used for non-maintainer uploads. The maintainer
> prepared this package, however, and chose to use 4.1.2-7.

This is the first time I noticed the Debian version being bumped... I
see a potential (general) problem with this: 4.1.2-7 might have
existed in both Woody and Sarge and reflected different states of the
package in each distribution. 

I haven't checked whether this has been the case and, given that PHP
has evolved quite a bit since Woody was released, it might not have
mattered much in this particular case. But if Debian manages to
release more often in the future and less-frequently updated packages
are treated like this, we might run into confusion.
