Re: Fixing CVE-2016-9839 for mapserver in wheezy

To: Chris Lamb <lamby@debian.org>, debian-lts@lists.debian.org
Cc: Debian GIS Project <debian-gis@lists.debian.org>
Subject: Re: Fixing CVE-2016-9839 for mapserver in wheezy
From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Date: Wed, 7 Dec 2016 08:09:44 +0100
Message-id: <[🔎] 00f01ee6-830e-3d78-71dc-c659927e1abd@xs4all.nl>
In-reply-to: <[🔎] 1481062935.3702191.810669409.23E0E08F@webmail.messagingengine.com>
References: <[🔎] de73cd23-dc38-8596-f523-d67dfa9b2eb9@xs4all.nl> <[🔎] 1481062935.3702191.810669409.23E0E08F@webmail.messagingengine.com>

On 12/06/2016 11:22 PM, Chris Lamb wrote:
> Sebastiaan Couwenberg wrote:
> 
>> Are these changes OK for wheezy-lts? The security team did not consider
>> it severe enough for a DSA
> 
> I was somewhat on the fence when triaging this, but as you have backported
> the patch it seems a waste to throw it away now. Please go ahead and upload.

Thanks, the fixed version has been uploaded, but the security-tracker
marks it (6.0.1-3.2+deb7u3) as vulnerable which is incorrect.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Reply to:

Follow-Ups:
- Re: Fixing CVE-2016-9839 for mapserver in wheezy
  - From: Chris Lamb <lamby@debian.org>

References:
- Fixing CVE-2016-9839 for mapserver in wheezy
  - From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
- Re: Fixing CVE-2016-9839 for mapserver in wheezy
  - From: Chris Lamb <lamby@debian.org>

Prev by Date: Re: Fixing CVE-2016-9839 for mapserver in wheezy
Next by Date: Re: Fixing CVE-2016-9839 for mapserver in wheezy
Previous by thread: Re: Fixing CVE-2016-9839 for mapserver in wheezy
Next by thread: Re: Fixing CVE-2016-9839 for mapserver in wheezy
Index(es):
- Date
- Thread