Your message dated Mon, 27 Jul 2009 21:34:06 +0000
with message-id <e1mvxpe-0001sb...@ries.debian.org>
and subject line Bug#535340: fixed in mapserver 5.4.2-1
has caused the Debian Bug report #535340,
regarding mapserver: heap-based buffer overflow due to integer overflow in content-length handling
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
535340: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=535340
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mapserver
Severity: grave
Tags: security
Justification: user security hole

Hi,
As described in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523027#14
the fix for CVE-2009-0840 was not correct. A new CVE id got assigned to this:
CVE-2009-2281. Please reference it in the changelog if you fix this bug.

Cheers
Nico



--- End Message ---
--- Begin Message ---
Source: mapserver
Source-Version: 5.4.2-1

We believe that the bug you reported is fixed in the latest version of
mapserver, which is due to be installed in the Debian FTP archive:

cgi-mapserver_5.4.2-1_i386.deb
  to pool/main/m/mapserver/cgi-mapserver_5.4.2-1_i386.deb
libmapscript-ruby1.8_5.4.2-1_i386.deb
  to pool/main/m/mapserver/libmapscript-ruby1.8_5.4.2-1_i386.deb
libmapscript-ruby1.9_5.4.2-1_i386.deb
  to pool/main/m/mapserver/libmapscript-ruby1.9_5.4.2-1_i386.deb
libmapscript-ruby_5.4.2-1_all.deb
  to pool/main/m/mapserver/libmapscript-ruby_5.4.2-1_all.deb
mapserver-bin_5.4.2-1_i386.deb
  to pool/main/m/mapserver/mapserver-bin_5.4.2-1_i386.deb
mapserver-doc_5.4.2-1_all.deb
  to pool/main/m/mapserver/mapserver-doc_5.4.2-1_all.deb
mapserver_5.4.2-1.diff.gz
  to pool/main/m/mapserver/mapserver_5.4.2-1.diff.gz
mapserver_5.4.2-1.dsc
  to pool/main/m/mapserver/mapserver_5.4.2-1.dsc
mapserver_5.4.2.orig.tar.gz
  to pool/main/m/mapserver/mapserver_5.4.2.orig.tar.gz
perl-mapscript_5.4.2-1_i386.deb
  to pool/main/m/mapserver/perl-mapscript_5.4.2-1_i386.deb
php5-mapscript_5.4.2-1_i386.deb
  to pool/main/m/mapserver/php5-mapscript_5.4.2-1_i386.deb
python-mapscript_5.4.2-1_i386.deb
  to pool/main/m/mapserver/python-mapscript_5.4.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alan Boudreault <aboudrea...@mapgears.com> (supplier of updated mapserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 24 Jul 2009 09:16:45 -0400
Source: mapserver
Binary: php5-mapscript perl-mapscript cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9
Architecture: source all i386
Version: 5.4.2-1
Distribution: unstable
Urgency: high
Maintainer: Francesco Paolo Lovergine <fran...@debian.org>
Changed-By: Alan Boudreault <aboudrea...@mapgears.com>
Description: 
 cgi-mapserver - CGI executable for MapServer
 libmapscript-ruby - Ruby MapServer library
 libmapscript-ruby1.8 - Ruby MapServer library
 libmapscript-ruby1.9 - Ruby MapServer library
 mapserver-bin - MapServer utilities
 mapserver-doc - documentation for MapServer
 perl-mapscript - Perl MapServer library
 php5-mapscript - php5-cgi module for MapServer
 python-mapscript - Python library for MapServer
Closes: 532446 535340
Changes: 
 mapserver (5.4.2-1) unstable; urgency=high
 .
   * New upstream release, with a few fixes.
     Proper fix for CVE-2009-0840.
     (closes: #535340, #532446)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkpuB/gACgkQpFNRmenyx0cVVACffvTd8dBOyZ65vlLVPLftbBtv
2IUAoPx+06X8gHcZH2wWi+P5bu/zGc9h
=83Ey
-----END PGP SIGNATURE-----



--- End Message ---
_______________________________________________
Pkg-grass-devel mailing list
Pkg-grass-devel@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/pkg-grass-devel
