Bug#734118: opu: package mapserver/5.6.9-1

Bas Couwenberg sebastic at xs4all.nl
Fri Jan 3 23:00:58 UTC 2014


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: opu

Dear Release Team,

The MapServer project has released stable updates for every major
release from 5.6.x up, fixing a security issue which allows a potential
leakage of information through an SQL injection when using TIME filtering in
conjunction with PostGIS backends. More information can be found in the
dedicated upstream issue: #4834

https://github.com/mapserver/mapserver/issues/4834

I've updated the MapServer package for squeeze to the latest stable
upstream release of the 5.6 series: 5.6.9. This release includes more
fixes than just for the security issues. See the upstream changelog for
a complete list:

http://anonscm.debian.org/gitweb/?p=pkg-grass/mapserver.git;a=blob;f=HISTORY.TXT;h=b578152815034f6d5c82e06b16fba36cec27c978;hb=7548e9365a291a7cfcd170aede0df764e9fb0a48

Would this be acceptable for squeeze-proposed-updates, or must I really
only backport the security fixes for 5.6.5-2+squeeze3?

The current changelog for the UNRELEASED version is:

 * New upstream release. Contains multiple security and stability fixes.
 * Add myself to uploaders.
 * Refresh symbol_index_overflow.dpatch, partially applied upstream.
 * Drop 01_wfs_sql_injection.dpatch, applied upstream.
 * Remove debhelper log files to allow clean builds.


Kind Regards,

Bas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mapserver_5.6.5-2+squeeze2_5.6.9-1.debdiff
Type: text/x-diff
Size: 1714207 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20140104/313f4ddd/attachment-0001.diff>

