Package: php4 Version: 4:4.3.10-16 Severity: normal A recent security focus newsletter updated this issue which was announced back in October. However I couldn't find a debian bug report specific to this, and the changelog in sarge doesn't mention 2005-3388.
I saw it at: http://www.securityfocus.com/bid/15248 Initial report is at: http://www.securityfocus.com/archive/1/415292. Discovered by Stefan Esser. Apparently it was fixed in 4.4.1, and 5.1. -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686-smp Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1) Versions of packages php4 depends on: ii libapache-mod-php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-common 4:4.3.10-16 Common files for packages built fr -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]