Your message dated Sun, 12 Jan 2014 23:32:06 +0000
with message-id <e1w2uvi-0004nz...@franck.debian.org>
and subject line Bug#734565: fixed in mapserver 6.0.1-3.2+deb7u2
has caused the Debian Bug report #734565,
regarding mapserver: CVE-2013-7262
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
734565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734565
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mapserver
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for mapserver.
CVE-2013-7262[0]:
| SQL injection vulnerability in the msPostGISLayerSetTimeFilter
| function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time
| service is used, allows remote attackers to execute arbitrary SQL
| commands via a crafted string in a PostGIS TIME filter.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7262
http://security-tracker.debian.org/tracker/CVE-2013-7262
[1] https://github.com/mapserver/mapserver/issues/4834
Please adjust the affected versions in the BTS as needed, at least
unstable from looking at source seems affected.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: mapserver
Source-Version: 6.0.1-3.2+deb7u2
We believe that the bug you reported is fixed in the latest version of
mapserver, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 734...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated mapserver package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 10 Jan 2014 03:45:58 +0100
Source: mapserver
Binary: php5-mapscript libmapscript-perl cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9.1
Architecture: source all amd64
Version: 6.0.1-3.2+deb7u2
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Description:
cgi-mapserver - CGI executable for MapServer
libmapscript-perl - Perl MapServer module
libmapscript-ruby - Ruby MapServer library
libmapscript-ruby1.8 - Ruby MapServer library
libmapscript-ruby1.9.1 - Ruby MapServer library
mapserver-bin - MapServer utilities
mapserver-doc - documentation for MapServer
php5-mapscript - php5-cgi module for MapServer
python-mapscript - Python library for MapServer
Closes: 734565
Changes:
mapserver (6.0.1-3.2+deb7u2) stable-proposed-updates; urgency=low
.
* Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c. (closes: #734565)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---