Notice (Re: [SECURITY] [DSA 531-1] New php4 packages ..)
When doing the usual "apt-get upgrade" on the security sources.list,
these packets "want" to be installed:
(both with mtime july 22th)
Whereas in this advisory, these are the respective checksums:
Size/MD5 checksum: 376838 0faa6391096915c65f1f724b651241f5
Size/MD5 checksum: 582310 fcaf92f17db9813ab02fd7fbafef9dff
My buddy has looked up "3b6588b6fa8f873b9a7e49c1fcbb0c72" in google
and has found:
which when checked with gpg gives:
gpg: Signature made Thu Jul 22 11:42:37 2004 MEST using DSA key ID C6CEA0C9
gpg: Good signature from "Adam Conrad <firstname.lastname@example.org>"
gpg: aka "Adam Conrad <email@example.com>"
Primary key fingerprint: C8B2 CB3E 3225 49BB 5ED2 0002 BE3C ED47 C6CE A0C9
(Looking for some evidence that this is the valid key of the
maintainer, I've found
has been signed with that same key, ok.)
So in the end this just means that a new security release has been
made without a new advisory, and you should check the signatures
yourself - consider this email as little help on the way to establish
your own trust chain..