Re: CAN-2004-1018, CAN-2004-1019 fixed in php4 (4:4.3.10-1), no DSA?

To: Bob Tanner <tanner@real-time.com>
Cc: debian-security@lists.debian.org
Subject: Re: CAN-2004-1018, CAN-2004-1019 fixed in php4 (4:4.3.10-1), no DSA?
From: Joey Hess <joeyh@debian.org>
Date: Fri, 17 Dec 2004 13:51:55 -0500
Message-id: <[🔎] 20041217185155.GC9218@kitenet.net>
Mail-followup-to: Bob Tanner <tanner@real-time.com>, debian-security@lists.debian.org
In-reply-to: <[🔎] 200412171235.01941@www.mn-linux.org.or.transmuter.real-time.com>
References: <[🔎] 200412171235.01941@www.mn-linux.org.or.transmuter.real-time.com>

Bob Tanner wrote:
> I see CAN-2004-1018, CAN-2004-1019 are fixed in php4 (4:4.3.10-1) which is in 
> unstable.
> 
> Wondering why I haven't seen a DSA for it yet.

CAN-2004-1018 is a rejected CAN. CAN-2004-1019 is marked as reserved in
mitre's database with no other info. Same for all the other CANs fixed
in the new php4 releases, they're all rejected or reserved. Rather strange..

Anyway, I suppose the delay with the stable package has somthing to do
with the advisory being released on Wednesday, and any of these CANs
that are real holes needing to be backported to the old version of php4
in stable.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- CAN-2004-1018, CAN-2004-1019 fixed in php4 (4:4.3.10-1), no DSA?
  - From: Bob Tanner <tanner@real-time.com>

Prev by Date: CAN-2004-1018, CAN-2004-1019 fixed in php4 (4:4.3.10-1), no DSA?
Next by Date: php vulnerability
Previous by thread: CAN-2004-1018, CAN-2004-1019 fixed in php4 (4:4.3.10-1), no DSA?
Next by thread: php vulnerability
Index(es):
- Date
- Thread