[Git][security-tracker-team/security-tracker][master] Reserve DLA-4506-1 for mapserver
Guilhem Moulin (@guilhem)
guilhem at debian.org
Mon Mar 23 06:44:56 GMT 2026
Guilhem Moulin pushed to branch master at Debian Security Tracker / security-tracker
Commits:
aab02e42 by Guilhem Moulin at 2026-03-23T07:43:04+01:00
Reserve DLA-4506-1 for mapserver
- - - - -
3 changed files:
- data/CVE/list
- data/DLA/list
- data/dla-needed.txt
Changes:
=====================================
data/CVE/list
=====================================
@@ -71917,7 +71917,6 @@ CVE-2025-59431 (MapServer is a system for developing web-based GIS applications.
- mapserver 8.4.1-1
[trixie] - mapserver 8.4.0-4+deb13u1
[bookworm] - mapserver <no-dsa> (Minor issue)
- [bullseye] - mapserver <postponed> (Minor issue)
NOTE: https://github.com/MapServer/MapServer/security/advisories/GHSA-256m-rx4h-r55w
NOTE: https://github.com/MapServer/MapServer/commit/aaeedcdabd1cca4b0f1e94cdcd5e48922d97dd00 (main)
NOTE: https://github.com/MapServer/MapServer/commit/1c73acaa2d7a8b1d3955f076186e57fc8c06e0c6 (rel-8-4-1)
@@ -446166,7 +446165,6 @@ CVE-2021-32063
CVE-2021-32062 (MapServer before 7.0.8, 7.1.x and 7.2.x before 7.2.3, 7.3.x and 7.4.x ...)
[experimental] - mapserver 7.6.3-1~exp1
- mapserver 7.6.2-2 (bug #988208)
- [bullseye] - mapserver <ignored> (Minor issue; #988224)
[buster] - mapserver <no-dsa> (Minor issue; will be fixed via point release)
[stretch] - mapserver <postponed> (Minor issue; can be fixed in next update)
NOTE: https://github.com/mapserver/mapserver/issues/6313
=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[23 Mar 2026] DLA-4506-1 mapserver - security update
+ {CVE-2021-32062 CVE-2025-59431}
+ [bullseye] - mapserver 7.6.2-1+deb11u1
[23 Mar 2026] DLA-4505-1 ruby-rack - security update
{CVE-2026-22860 CVE-2026-25500}
[bullseye] - ruby-rack 2.1.4-3+deb11u5
=====================================
data/dla-needed.txt
=====================================
@@ -265,11 +265,6 @@ linux (Ben Hutchings)
lrzip
NOTE: 20260216: Added by Front-Desk (rouca)
--
-mapserver (guilhem)
- NOTE: 20260103: Added by Front-Desk (Beuc)
- NOTE: 20260103: Follow fixes from trixie 13.12 / #1116386 (1 CVE) (Beuc/front-desk)
- NOTE: 20260108: Massive code change, by default does not rebuild lexer (rouca)
---
mbedtls (andrewsh)
NOTE: 20251102: Added by Front-Desk (apo)
NOTE: 20251220: CVE-2025-59438 is part in code not in bullseye, part in code where fix may
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab02e4217ce664737433f643e032dd0c5c97571
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/aab02e4217ce664737433f643e032dd0c5c97571
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260323/e7cb9a3d/attachment-0001.htm>
More information about the debian-security-tracker-commits
mailing list