Re: Fixing CVE-2016-9839 for mapserver in wheezy

2016-12-07 Thread Bas Couwenberg
On 2016-12-07 09:49, Chris Lamb wrote: Sebastiaan Couwenberg wrote: Thanks, the fixed version has been uploaded, but the security-tracker marks it (6.0.1-3.2+deb7u3) as vulnerable which is incorrect. The security-tracker is generated from the files in the secure-testing repository, not from

Re: Fixing CVE-2016-9839 for mapserver in wheezy

2016-12-07 Thread Chris Lamb
Sebastiaan Couwenberg wrote:
> Thanks, the fixed version has been uploaded, but the security-tracker
> marks it (6.0.1-3.2+deb7u3) as vulnerable which is incorrect.

The security-tracker is generated from the files in the secure-testing repository, not from the archive itself. Can you confirm

Re: Fixing CVE-2016-9839 for mapserver in wheezy

2016-12-06 Thread Sebastiaan Couwenberg
On 12/06/2016 11:22 PM, Chris Lamb wrote:
> Sebastiaan Couwenberg wrote:
>
>> Are these changes OK for wheezy-lts? The security team did not consider
>> it severe enough for a DSA
>
> I was somewhat on the fence when triaging this, but as you have backported
> the patch it seems a waste to throw

Re: Fixing CVE-2016-9839 for mapserver in wheezy

2016-12-06 Thread Chris Lamb
Sebastiaan Couwenberg wrote:
> Are these changes OK for wheezy-lts? The security team did not consider
> it severe enough for a DSA

I was somewhat on the fence when triaging this, but as you have backported the patch it seems a waste to throw it away now. Please go ahead and upload.

Regards,

Fixing CVE-2016-9839 for mapserver in wheezy

2016-12-06 Thread Sebastiaan Couwenberg
Dear LTS Team,

Yesterday the MapServer team released version 7.0.3, which fixes CVE-2016-9839. To quote the release announcement [0]:

"That issue involves OGR error messages being too verbose in some instances and potentially disclosing sensitive information if the underlying connection