On 01/18/2017 10:17 PM, Ola Lundqvist wrote:
> Yes they are ok for wheezy-security. Thank you for your support.

Thanks, I've uploaded the package to security-master.

> On 18 January 2017 at 22:15, Sebastiaan Couwenberg <sebas...@xs4all.nl> wrote:
>> Dear LTS Team,
>>
>> Today the MapServer team has announced the release of version 7.0.4
>> which fixes CVE-2017-5522 (stack buffer overflow). To quote the release
>> announcement [0]:
>>
>> "
>> Today the project team released versions 6.0.6, 6.2.4, 6.4.5 and 7.0.4
>> of MapServer. This is primarily a security release to address
>> CVE-2017-5522. That issue involves a buffer overflow identified by
>> MapServer developers associated with specific WFS get feature requests.
>> "
>>
>> I've already updated the package in unstable, and have cherry-picked the
>> commit fixing the issue for the package in jessie (6.4.1-5+deb8u3) &
>> wheezy (6.0.1-3.2+deb7u3). See the attached debdiff.
>>
>> The issue may be remotely exploitable with specifically crafted WFS
>> requests.
>>
>> Affected versions:
>>
>> * wheezy: 6.0.1-3.2+deb7u3
>>
>> Fixed versions:
>>
>> * wheezy: 6.0.1-3.2+deb7u4
>>
>> Are these changes OK for wheezy-security?
>>
>> [0] https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html

Kind Regards,

Bas

--
GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146 50D1 6750 F10A E88D 4AF1