On Mon, Apr 20, 2026 at 12:56:27PM +0200, Troels Arvin @ Ubuntu wrote:
Hello,
Hi,
I've created an updated mapserver package for Jammy/Universe: https://launchpad.net/~troels-w/+archive/ubuntu/mapserver7/+build/32779921 The package fixes to security bugs: CVE-2025-59431: https://lists.osgeo.org/pipermail/mapserver-announce/2024-June/000046.html CVE-2026-33721: https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp
Nice!
Related Launchpad case is 2069291, but I'm not sure who can see the case.
I cannot see it. I wonder why is that. It would be nice to either make it public or to file a different bug for that.
I propose that the updated package be put into Universe for Jammy. Debdiff: https://launchpad.net/~troels-w/+archive/ubuntu/mapserver7/+files/mapserver_7.6.4-2build2_7.6.4-3.diff.gz
Thanks for the Debdiff. While this is not a formal review on it, here are some things that could be improved there: * It would be nice to reference a bug in that changelog entry. If you do not control the bug you mention in this email, which I cannot open, or if it contains sensitive data, you can create another public bug and reference it in the changelog. * Since this is an update to a stable release, you must follow the SRU process for this update. In special, you need to file the SRU template paperwork in the bug description you are going to use in the changelog entry. * Since this is an update to a stable release, you must make sure that all supported Ubuntu releases which are newer than the one being fixed, are already fixed. Is that the case? * Since a new delta is being added, the package versioning in d/changelog must reflect that. meaning you need to add the "ubuntu" string in the debian revision part of the package version. * That dep3 header could reflect the fact that the patch comes from the * upstream project by adjusting the Origin field to say "Origin: upstream, $URL". Below are some pointers for the documentation where you can ger more familiar with the process. Once you attach your debdiff in the related bug, please subscribe the ubuntu-sponsors launchpad user to the bug so your patch enters the Ubuntu sponsoring queue. Eventually a patch pilot will be able to check your contribution and help you driving that SRU. https://documentation.ubuntu.com/project/how-ubuntu-is-made/concepts/version-strings/#version-strings https://documentation.ubuntu.com/project/SRU/stable-release-updates/#stable-release-updates-sru https://documentation.ubuntu.com/project/contributors/bug-fix/fix-a-bug-in-a-package/ https://documentation.ubuntu.com/project/contributors/patching/submit-a-merge-proposal/ https://documentation.ubuntu.com/project/how-ubuntu-is-made/processes/sponsorship/#sponsorship -- Athos Ribeiro -- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
