Ubuntu
mapserver package

  1. Bug #1648998
  2. Comment #2

Comment 2 for bug 1648998

Revision history for this message
Bas Couwenberg (sebastic) wrote : Re: WMS exception may expose PostGIS connection details for users

In the mean time MapServer 7.0.4 has been released fixing CVE-2017-5522.

The packages in Debian have been updated to include the fix, as have the packages in the UbuntuGIS PPA.

I've also prepared updates for Ubuntu fixing both CVE-2016-9839 & CVE-2017-5522:

 https://anonscm.debian.org/cgit/pkg-grass/mapserver.git/log/?h=ubuntu-precise
 https://anonscm.debian.org/cgit/pkg-grass/mapserver.git/log/?h=ubuntu-trusty
 https://anonscm.debian.org/cgit/pkg-grass/mapserver.git/log/?h=ubuntu-vivid
 https://anonscm.debian.org/cgit/pkg-grass/mapserver.git/log/?h=ubuntu-xenial
 https://anonscm.debian.org/cgit/pkg-grass/mapserver.git/log/?h=ubuntu-yakkety