[Bug 1648998] Re: Fix CVE-2016-9839 & CVE-2017-5522
Launchpad Bug Tracker
1648998 at bugs.launchpad.net
Tue Jan 24 16:06:39 UTC 2017
This bug was fixed in the package mapserver - 6.4.1-2ubuntu0.1
---------------
mapserver (6.4.1-2ubuntu0.1) trusty-security; urgency=medium
* Non-maintainer upload.
* Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522.
(LP: #1648998)
-- Bas Couwenberg <sebastic at debian.org> Wed, 18 Jan 2017 23:18:47
+0100
** Changed in: mapserver (Ubuntu Xenial)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1648998
Title:
Fix CVE-2016-9839 & CVE-2017-5522
Status in mapserver package in Ubuntu:
Fix Released
Status in mapserver source package in Precise:
Fix Released
Status in mapserver source package in Trusty:
Fix Released
Status in mapserver source package in Xenial:
Fix Released
Status in mapserver source package in Yakkety:
Fix Released
Status in mapserver source package in Zesty:
Fix Released
Bug description:
In MapServer before 7.0.3, OGR driver error messages are too verbose
and may leak sensitive information if data connection fails.
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-9839.html
Packages for Debian have been updated - we should apply the same in
Ubuntu.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/1648998/+subscriptions
More information about the Ubuntu-sponsors
mailing list