Package: mapserver
Severity: important
Tags: security upstream patch


the following vulnerability was published for mapserver.

| SQL injection vulnerability in the msPostGISLayerSetTimeFilter
| function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time
| service is used, allows remote attackers to execute arbitrary SQL
| commands via a crafted string in a PostGIS TIME filter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:


Please adjust the affected versions in the BTS as needed, at least
unstable from looking at source seems affected.


Pkg-grass-devel mailing list

Reply via email to