On Thu, Jul 22, 2004 at 04:25:30PM +0200, Hilko Bengen wrote: > Matt Zimmerman <[EMAIL PROTECTED]> writes: > > > Package : php4 > > Vulnerability : several > > Problem-Type : remote > > Debian-specific: no > > CVE Ids : CAN-2004-0594 CAN-2004-0595 > > > > [...] > > > > For the current stable distribution (woody), these problems have been > > fixed in version 4.1.2-7. > > Why has a new Debian version been introduced? Previous security fixes > followed a numbering scheme 4.1.2-6woody$i, the last version being > 4.1.2-6woody3.
That scheme is used for non-maintainer uploads. The maintainer prepared this package, however, and chose to use 4.1.2-7. > Moreover, php4-curl 4.1.2-7 depends on libcurl2-ssl, where php4-curl > 4.1.2-6woody3 depended on libcurl2. I haven't seen anything break on > my machines so far, but I consider this a substantial change for which > I see no connection to the security fixes. This was an error in the build process, and is being corrected. -- - mdz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
