Re: Fixing CVE-2017-1000426 in mapproxy for stretch

To: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Cc: team@security.debian.org, Debian GIS Project <debian-gis@lists.debian.org>
Subject: Re: Fixing CVE-2017-1000426 in mapproxy for stretch
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sun, 7 Jan 2018 22:09:15 +0100
Message-id: <[🔎] 20180107210915.GA20405@pisco.westfalen.local>
In-reply-to: <[🔎] 944676b9-c3c3-7ec0-410c-9ad53b024249@xs4all.nl>
References: <[🔎] 944676b9-c3c3-7ec0-410c-9ad53b024249@xs4all.nl>

Hi Sebastiaan,

On Sun, Jan 07, 2018 at 09:53:54AM +0100, Sebastiaan Couwenberg wrote:
> Dear Security Team,
> 
> After noticing the mapproxy security issue in the tracker I've gone
> ahead and backported the upstream patch for the 1.9.0 package in
> stretch. See the attached debdiff.

Thanks for reaching out proactively! But that doesn't warrant a DSA,
the impact is fairly limited.

Could you please fix this through a stretch point update instead?
See https://www.debian.org/doc/manuals/developers-reference/ch05.html#upload-stable

Cheers,
        Moritz

Reply to:

Follow-Ups:
- Re: Fixing CVE-2017-1000426 in mapproxy for stretch
  - From: Sebastiaan Couwenberg <sebastic@xs4all.nl>

References:
- Fixing CVE-2017-1000426 in mapproxy for stretch
  - From: Sebastiaan Couwenberg <sebastic@xs4all.nl>

Prev by Date: Fixing CVE-2017-1000426 in mapproxy for stretch
Next by Date: Re: Fixing CVE-2017-1000426 in mapproxy for stretch
Previous by thread: Fixing CVE-2017-1000426 in mapproxy for stretch
Next by thread: Re: Fixing CVE-2017-1000426 in mapproxy for stretch
Index(es):
- Date
- Thread