Thank you for taking the time to file this report and helping to make Ubuntu better.
I think I can reproduce the behaviour you're seeing, but I don't think this is a bug.
If I use "apt-get install php5" after the security update has appeared, then I see the behaviour you describe. But this is not the recommended way of installing security updates.
Instead, you should use "apt-get dist-upgrade" to get all relevant updates. If you want to be very specific about what you want installed, then you should use apt pinning, or specifically state "apt-get install php5 php5-cgi" to specify the alternate dependency specifically, to avoid pulling in libapache2-mod-php5.
Since I don't think this is a bug in Ubuntu, I'm marking this bug as Invalid. If you disagree, please explain and then change the bug status back to New.
Thank you for taking the time to file this report and helping to make Ubuntu better.
I think I can reproduce the behaviour you're seeing, but I don't think this is a bug.
If I use "apt-get install php5" after the security update has appeared, then I see the behaviour you describe. But this is not the recommended way of installing security updates.
Instead, you should use "apt-get dist-upgrade" to get all relevant updates. If you want to be very specific about what you want installed, then you should use apt pinning, or specifically state "apt-get install php5 php5-cgi" to specify the alternate dependency specifically, to avoid pulling in libapache2- mod-php5.
Since I don't think this is a bug in Ubuntu, I'm marking this bug as Invalid. If you disagree, please explain and then change the bug status back to New.