On mar, lug 07, 2015 at 03:02:39 +0200, sebastic wrote: > Dear Security Team, > > Today the MapServer project published new MapServer & TinyOWS releases to > address CVE-2013-0339 in libxml2. > > Since the issue is only with libxml2 < 2.9, it should only affect wheezy and > squeeze. But since CVE-2013-0339 is marked fixed in the wheezy & squeeze > libxml2 packages, I don't think we need these mapserver updates in Debian > for the security fix. > > Can you confirm we don't to patch mapserver in wheezy & squeeze? Yes. As far as we know CVE-2013-0339 is fixed in both squeeze and wheezy, so there's no need to implement mitigations in software using libxml2. Cheers
Attachment:
signature.asc
Description: Digital signature