[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: MapServer and TinyOWS updates for CVE-2013-0339

On mar, lug 07, 2015 at 03:02:39 +0200, sebastic wrote:
> Dear Security Team,
> Today the MapServer project published new MapServer & TinyOWS releases to
> address CVE-2013-0339 in libxml2.
> Since the issue is only with libxml2 < 2.9, it should only affect wheezy and
> squeeze. But since CVE-2013-0339 is marked fixed in the wheezy & squeeze
> libxml2 packages, I don't think we need these mapserver updates in Debian
> for the security fix.
> Can you confirm we don't to patch mapserver in wheezy & squeeze?

Yes. As far as we know CVE-2013-0339 is fixed in both squeeze and wheezy, so
there's no need to implement mitigations in software using libxml2.


Attachment: signature.asc
Description: Digital signature

Reply to: