Hello,
Athos Ribeiro wrote:
The first step is to assess if other supported Ubuntu versions are
indeed affected.
As mentioned in an update to
https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/2069291 :
* mapserver for Noble (mapserver 8.0.1-4ubuntu2) is affected by
CVE-2025-59431 and CVE-2026-33721, since the package was generated
2024-03-31.
* mapserver for Questing (Ubuntu 25.10) is affected by CVE-2026-33721,
since the package was generated 2025 2025-05-23.
* mapserver for Resolute (Ubuntu 26) is affected by CVE-2026-33721,
since the package was generated 2026-01-26, and the CVE was
published later in 2026.
They can probably all be fixed by (back-)porting patches or packages
from Debian, but I'm wary about stepping in to help, because I would not
have a system for them to be be used for real work, so the kind of
testing I'd do would be very narrow.
And frankly, I'm disheartened by the amount of paperwork which seems to
be involved with trying to help out. For example: Is the SRU process
really needed for a package update which is not a new version (which
only adds patches to an existing version?
--
Regards,
Troels Arvin
--
Ubuntu-motu mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
