Bug#734565: mapserver: CVE-2013-7262
Salvatore Bonaccorso
carnil at debian.org
Wed Jan 8 09:09:30 UTC 2014
Hi Bas,
On Wed, Jan 08, 2014 at 08:40:35AM +0100, Sebastiaan Couwenberg wrote:
> On 01/08/2014 08:25 AM, Salvatore Bonaccorso wrote:
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> The new mapserver packages were prepared before the CVE was available.
>
> > Please adjust the affected versions in the BTS as needed, at least
> > unstable from looking at source seems affected.
>
> Unstable is no longer affected with the upload of mapserver 6.4.1, wheezy
> and squeeze still are, but the proposed updates for both are waiting for
> feedback from the release team:
>
> Bug#734099: pu: package mapserver/6.0.4-1
> Bug#734118: opu: package mapserver/5.6.9-1
Could you clarify if the second commit referenced in
https://github.com/mapserver/mapserver/issues/4834
(WFS-2 specific fixes for postgis time sql injections (#4834,#4815))
is also needed? Is this relevant for Debian?
Thanks for your work, and regards,
Salvatore