Your message dated Sun, 12 Jan 2014 23:32:24 +0000 with message-id <e1w2uw0-0004tr...@franck.debian.org> and subject line Bug#734565: fixed in mapserver 5.6.5-2+squeeze3 has caused the Debian Bug report #734565, regarding mapserver: CVE-2013-7262 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 734565: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734565 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: mapserver Severity: important Tags: security upstream patch Hi, the following vulnerability was published for mapserver. CVE-2013-7262[0]: | SQL injection vulnerability in the msPostGISLayerSetTimeFilter | function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time | service is used, allows remote attackers to execute arbitrary SQL | commands via a crafted string in a PostGIS TIME filter. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7262 http://security-tracker.debian.org/tracker/CVE-2013-7262 [1] https://github.com/mapserver/mapserver/issues/4834 Please adjust the affected versions in the BTS as needed, at least unstable from looking at source seems affected. Regards, Salvatore
--- End Message ---
--- Begin Message ---Source: mapserver Source-Version: 5.6.5-2+squeeze3 We believe that the bug you reported is fixed in the latest version of mapserver, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 734...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Salvatore Bonaccorso <car...@debian.org> (supplier of updated mapserver package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 10 Jan 2014 04:21:27 +0100 Source: mapserver Binary: php5-mapscript perl-mapscript cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9.1 Architecture: source all amd64 Version: 5.6.5-2+squeeze3 Distribution: oldstable-proposed-updates Urgency: low Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org> Changed-By: Salvatore Bonaccorso <car...@debian.org> Description: cgi-mapserver - CGI executable for MapServer libmapscript-ruby - Ruby MapServer library libmapscript-ruby1.8 - Ruby MapServer library libmapscript-ruby1.9.1 - Ruby MapServer library mapserver-bin - MapServer utilities mapserver-doc - documentation for MapServer perl-mapscript - Perl MapServer library php5-mapscript - php5-cgi module for MapServer python-mapscript - Python library for MapServer Closes: 734565 Changes: mapserver (5.6.5-2+squeeze3) oldstable-proposed-updates; urgency=low . * Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in mappostgis.c. (closes: #734565) * Remove debhelper log files to allow clean builds. Checksums-Sha1: d5c8739a83f5fb5d3028bb3e6dd7fec08fdf02b4 2731 mapserver_5.6.5-2+squeeze3.dsc 9f97349ed9019e6ed729b8fffa8145e411bfac09 31353 mapserver_5.6.5-2+squeeze3.diff.gz 07ead7476c70cfe54d358991c36a751b873735b4 81634 mapserver-doc_5.6.5-2+squeeze3_all.deb bd7b6c4986af9d7eab2ed8c99f18b85f2de3922f 60326 libmapscript-ruby_5.6.5-2+squeeze3_all.deb 3378b330423a7ddbbf6cb8b7b0639f37e37ab25e 876806 php5-mapscript_5.6.5-2+squeeze3_amd64.deb 02d4bc9ad6ddd031811da1dae73835f39757f778 1100548 perl-mapscript_5.6.5-2+squeeze3_amd64.deb f6567ebe28a2e5cc62df858cc47cf8dd4b3070eb 788696 cgi-mapserver_5.6.5-2+squeeze3_amd64.deb 4043293533b0e892175ae46ba667d03b263d003b 1784436 python-mapscript_5.6.5-2+squeeze3_amd64.deb 92bff3a786914a0e06c376c4f7858ba27e99d70a 6488296 mapserver-bin_5.6.5-2+squeeze3_amd64.deb 22d2f52a9e327e84eef856439f6b8ab7d55d42ab 989446 libmapscript-ruby1.8_5.6.5-2+squeeze3_amd64.deb 78f9b4d72f19d6e7ea3208eef541308f5d66647f 989934 libmapscript-ruby1.9.1_5.6.5-2+squeeze3_amd64.deb Checksums-Sha256: f157dbdaa232384d70f7c82535a9c40e47d672ae0b935d82621186c63673175f 2731 mapserver_5.6.5-2+squeeze3.dsc e40a70bcd51b7a1e0d8545e40729f0d6c19c6e7e9e3d4912f4530c4e54a4b6b8 31353 mapserver_5.6.5-2+squeeze3.diff.gz 0d6e4e563b25278057f81b5d2aa084cb4bba24f666a3da78a39a3f4509503638 81634 mapserver-doc_5.6.5-2+squeeze3_all.deb cf4dee68c6d3d155516ad321a0f23704f433a735364c3c758ab2a8869c9cd5e8 60326 libmapscript-ruby_5.6.5-2+squeeze3_all.deb 3ac29d92af7940cd9ab43024425578a80b11b7b5ea795651f513b345c7fbfcc0 876806 php5-mapscript_5.6.5-2+squeeze3_amd64.deb 57fbca5c7fa9c5a553617dc7d4139976c0efd4f0cd88ecf824846ebcaf6e6c8e 1100548 perl-mapscript_5.6.5-2+squeeze3_amd64.deb 86f483db9739154c3d47c6f47011a590e485571bfa08e87c806ef3b438984478 788696 cgi-mapserver_5.6.5-2+squeeze3_amd64.deb cfaa8910e34d5d1e3292a9b450b34cc9fa1fccc9691a9aef4487e86a78435def 1784436 python-mapscript_5.6.5-2+squeeze3_amd64.deb d42ea327e5d06e7fb09668882bb9f38db8e3a9dccc3e81e880ba1fe433416f08 6488296 mapserver-bin_5.6.5-2+squeeze3_amd64.deb 2684b38c83bb394e5e1f98a6913471a7f811f4e9b48e83cc90636e79954ebcf2 989446 libmapscript-ruby1.8_5.6.5-2+squeeze3_amd64.deb c3fe4a6b6e65e9692d97cff6b97cfebb804b9cdbcd4d915f6d88fb2fa6abbc82 989934 libmapscript-ruby1.9.1_5.6.5-2+squeeze3_amd64.deb Files: a34bc23ad926e0f7b3919f25d97547f4 2731 devel optional mapserver_5.6.5-2+squeeze3.dsc 8b851fdecbbb6f8ed85d7ada7f284c64 31353 devel optional mapserver_5.6.5-2+squeeze3.diff.gz 34db8cf9c3ec346c0fabcb72d9ae797f 81634 doc optional mapserver-doc_5.6.5-2+squeeze3_all.deb 4fdb5f0e9b10335c7a06b930e8af52e5 60326 ruby optional libmapscript-ruby_5.6.5-2+squeeze3_all.deb 611facaa5152f5a855403ab4f5888469 876806 php optional php5-mapscript_5.6.5-2+squeeze3_amd64.deb ef650748471c10507abfbf6cffc29c57 1100548 perl optional perl-mapscript_5.6.5-2+squeeze3_amd64.deb 71c9edced3c2fde132d28b44a907982b 788696 web optional cgi-mapserver_5.6.5-2+squeeze3_amd64.deb 005215106aad2a2b4fc039f2320f36fa 1784436 python optional python-mapscript_5.6.5-2+squeeze3_amd64.deb b5059da4688c9c8ab63b3a8807531c85 6488296 misc optional mapserver-bin_5.6.5-2+squeeze3_amd64.deb b35d3cd7f1c45fac8c1992247e19d6a4 989446 ruby optional libmapscript-ruby1.8_5.6.5-2+squeeze3_amd64.deb 83ec0df88e6a09cf522611836dc42515 989934 ruby optional libmapscript-ruby1.9.1_5.6.5-2+squeeze3_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCgAGBQJS0bCPAAoJEAVMuPMTQ89E6MUP/0hhgEYoKXpn++/1Lk9sY39+ 9MF4yBUSDOUp1OgODutGNRaD0+eA2eBUu8DtVB+KxBs0QWZULuknWDCGzSzSb5Jc BEleTHVo9r3WJt4ZBMTrqAj1xAZ9T7T6VKvNDiLdie6qe3ztP9K3ePwLHX2gE3sm q3x+FzC+dK/YguXL7IaEmeeRyanrovzxkIRVvmwAB68UyQJbFuvwXZIoIuNtjdTq awSMBlufMI2UBXlIE7zR6D8g9KU00KeyUKGxiwtjYney4e/m3wvUBfipem7vbOdD dd+OLyt5eIAJ5SKnomLA2nwz4xq5Tv049XQ5jUtnB5T/BN6960YO+sxDwqME+GXy jEgS5gpY8oOYY+FHSFxkCvh68c/BU7Ot3vHZ0tXRXEA2HJ4a6E3H0Bf+XFC+OhmX SuHR1ZoKezZCaxSJ9ae69NN8cwsi+HWH4tUe3JMS3EOo5qCj8lcEF/tORciJRtFn b3qLlyVwF0m9veVXV7nPg8XAht/7ohJnPnbM9L3uqcIzGRgFlQDA/1xTO936/IGz jV54yVeba+BMIablPD6JwZHAE+cAl3o35ercMsuvPVScpK3kWZS03OXj2gqCORTY 4vnu9ntY+GZa11sCoLzWjvaethgb67kh71m3vyA0gKRXOHfuVtRZUQu6Kxu48HQK +qw+xU/O41tU3Qw1Dnqi =y5S6 -----END PGP SIGNATURE-----
--- End Message ---
_______________________________________________ Pkg-grass-devel mailing list Pkg-grass-devel@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-grass-devel
