
Re: Fixing CVE-2017-5522 (stack buffer overflow) for mapserver in wheezy



Hi

Yes they are ok for wheezy-security. Thank you for your support.

Best regards

// Ola

On 18 January 2017 at 22:15, Sebastiaan Couwenberg <sebastic@xs4all.nl> wrote:
> Dear LTS Team,
>
> Today the MapServer team has announced the release of version 7.0.4
> which fixes CVE-2017-5522 (stack buffer overflow). To quote the release
> announcement [0]:
>
> "
>  Today the project team released versions 6.0.6, 6.2.4, 6.4.5 and 7.0.4
>  of MapServer. This is primarily a security release to address
>  CVE-2017-5522. That issue involves a buffer overflow identified by
>  MapServer developers associated with specific WFS get feature requests.
> "
>
> I've already updated the package in unstable, and have cherry-picked the
> commit fixing the issue for the package in jessie (6.4.1-5+deb8u3) &
> wheezy (6.0.1-3.2+deb7u3). See the attached debdiff.
>
> The issue may be remotely exploitable with specifically crafted WFS
> requests.
>
> Affected versions:
>
>  * wheezy: 6.0.1-3.2+deb7u3
>
> Fixed versions:
>
>  * wheezy: 6.0.1-3.2+deb7u4
>
> Are these changes OK for wheezy-security?
>
> [0] https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
>
> Kind Regards,
>
> Bas
>
> --
>  GPG Key ID: 4096R/6750F10AE88D4AF1
> Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1
>
>
>



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------

