On 01/18/2017 06:52 PM, Emilio Pozuelo Monfort wrote: > On 18/01/17 18:37, Bas Couwenberg wrote: >> Package: release.debian.org >> Severity: normal >> User: [email protected] >> Usertags: unblock >> >> Please unblock package mapserver, it fixes CVE-2017-5522. > > I can't find that CVE. Wrong one?
It may not have been published yet, the CVE wasn't available yet at the time of the MapServer release. The developers only got it today after which they announced the releases mentioning this CVE. >> unblock mapserver/7.0.4-1 >> >> Aging it should be sufficient too. > > Unfortunately the new mapserver picked up a dependency on perl, which will > need > some time to migrate and is failing a build on mips64el. Alright, then we'll just have to wait. I'll include the fix for the CVE as a patch in the backport in the mean time. Kind Regards, Bas -- GPG Key ID: 4096R/6750F10AE88D4AF1 Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1
