Hi Bas,

On Wed, Jan 08, 2014 at 08:40:35AM +0100, Sebastiaan Couwenberg wrote:
> On 01/08/2014 08:25 AM, Salvatore Bonaccorso wrote:
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> The new mapserver packages were prepared before the CVE was available.
>
> > Please adjust the affected versions in the BTS as needed, at least
> > unstable from looking at source seems affected.
>
> Unstable is no longer affected with the upload of mapserver 6.4.1, wheezy
> and squeeze still are, but the proposed updates for both are waiting for
> feedback from the release team:
>
> Bug#734099: pu: package mapserver/6.0.4-1
> Bug#734118: opu: package mapserver/5.6.9-1

Could you clarify if the second commit referenced in
https://github.com/mapserver/mapserver/issues/4834 (WFS-2 specific
fixes for postgis time sql injections (#4834,#4815)) is also needed?
Is this relevant for Debian?

Thanks for your work, and regards,
Salvatore