Hi

Yes they are ok for wheezy-security. Thank you for your support.

Best regards

// Ola

On 18 January 2017 at 22:15, Sebastiaan Couwenberg <[email protected]> wrote:
> Dear LTS Team,
>
> Today the MapServer team has announced the release of version 7.0.4
> which fixes CVE-2017-5522 (stack buffer overflow). To quote the release
> announcement [0]:
>
> "
> Today the project team released versions 6.0.6, 6.2.4, 6.4.5 and 7.0.4
> of MapServer. This is primarily a security release to address
> CVE-2017-5522. That issue involves a buffer overflow identified by
> MapServer developers associated with specific WFS get feature requests.
> "
>
> I've already updated the package in unstable, and have cherry-picked the
> commit fixing the issue for the package in jessie (6.4.1-5+deb8u3) &
> wheezy (6.0.1-3.2+deb7u3). See the attached debdiff.
>
> The issue may be remotely exploitable with specifically crafted WFS
> requests.
>
> Affected versions:
>
> * wheezy: 6.0.1-3.2+deb7u3
>
> Fixed versions:
>
> * wheezy: 6.0.1-3.2+deb7u4
>
> Are these changes OK for wheezy-security?
>
> [0] https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
>
> Kind Regards,
>
> Bas
>
> --
> GPG Key ID: 4096R/6750F10AE88D4AF1
> Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
>
>

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  [email protected]                   Folkebogatan 26            \
|  [email protected]                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------
