Bug#734829: pu: package mapserver/6.0.1-3.2+deb7u2

Bas Couwenberg sebastic at xs4all.nl
Fri Jan 10 03:51:28 UTC 2014


Package: release.debian.org
Severity: normal
User: release.debian.org at packages.debian.org
Usertags: pu

Dear Release Team,

The MapServer project has released stable updates for every major
release from 5.6.x up fixing a security issue which allows a potential
leakage of information through an SQL injection when using TIME filtering in
conjunction with PostGIS backends. More information can be found in the
dedicated upstream issue: #4834

https://github.com/mapserver/mapserver/issues/4834

I've included the patch for this minor vulnerability from MapServer 6.0.4 in
the new mapserver 6.0.1-3.2+deb7u2. 

Is this acceptable for upload to wheezy-proposed-updates?

Kind Regards,

Bas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mapserver_6.0.1-3.2+deb7u1_6.0.1-3.2+deb7u2.debdiff
Type: text/x-diff
Size: 2111 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-grass-devel/attachments/20140110/8579a35a/attachment.diff>


More information about the Pkg-grass-devel mailing list