Per upstream, the .map issue is CVE-2009-0842. Fixed in 5.2.2-1. See: http://trac.osgeo.org/mapserver/ticket/2941 http://trac.osgeo.org/mapserver/changeset/8805
Per upstream, the other issue should be fixed in the 5.4 series. I've requested a CVE and the bug reference. ** Visibility changed to: Public ** Bug watch added: trac.osgeo.org/mapserver/ #2941 http://trac.osgeo.org/mapserver/ticket/2941 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2009-0842 -- security: anyone can make mapserv read or write arbitrary files https://bugs.launchpad.net/bugs/398814 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
