Bug#734099: pu: package mapserver/6.0.4-1
Bas Couwenberg
sebastic at xs4all.nl
Fri Jan 3 19:53:19 UTC 2014
Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: pu
Dear Release Team,
The MapServer project has released stable updates for every major
release from 5.6.x up fixing a security issue which allows a potential
leakage of information through an SQL injection when using TIME filtering in
conjunction with PostGIS backends. More information can be found in the
dedicated upstream issue: #4834
https://github.com/mapserver/mapserver/issues/4834
I've updated the MapServer package for wheezy to the latest stable
upstream release of the 6.0 series: 6.0.4. This release includes more
fixes than just for the security issues. See the upstream changelog for
a complete list:
http://anonscm.debian.org/gitweb/?p=pkg-grass/mapserver.git;a=blob;f=HISTORY.TXT;h=5a931d18c3e5c0ca603d32a56a025f62d5735c29;hb=0ff020ce9ff9b8fe712f98b734bfdfa4638bff1b
Would this be acceptable for wheezy-proposed-updates, or must I really
only backport the security fixes for 6.0.1-3.2+deb7u2?
The current changelog for the UNRELEASED version is:
* New stable upstream release. Contains multiple security fixes.
* Refresh patches.
* Drop patch php54, applied upstream in modified form.
Kind Regards,
Bas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mapserver_6.0.1-3.2+deb7u1_6.0.4-1.debdiff
Type: text/x-diff
Size: 1916519 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20140103/b4e4eec3/attachment-0001.diff>
More information about the Pkg-grass-devel
mailing list