group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #10526
[Bug 1648998] Re: Fix CVE-2016-9839 & CVE-2017-5522
This bug was fixed in the package mapserver - 6.4.1-2ubuntu0.1
---------------
mapserver (6.4.1-2ubuntu0.1) trusty-security; urgency=medium
* Non-maintainer upload.
* Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522.
(LP: #1648998)
-- Bas Couwenberg <sebastic@xxxxxxxxxx> Wed, 18 Jan 2017 23:18:47
+0100
** Changed in: mapserver (Ubuntu Xenial)
Status: New => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648998
Title:
Fix CVE-2016-9839 & CVE-2017-5522
Status in mapserver package in Ubuntu:
Fix Released
Status in mapserver source package in Precise:
Fix Released
Status in mapserver source package in Trusty:
Fix Released
Status in mapserver source package in Xenial:
Fix Released
Status in mapserver source package in Yakkety:
Fix Released
Status in mapserver source package in Zesty:
Fix Released
Bug description:
In MapServer before 7.0.3, OGR driver error messages are too verbose
and may leak sensitive information if data connection fails.
https://people.canonical.com/~ubuntu-
security/cve/2016/CVE-2016-9839.html
Packages for Debian have been updated - we should apply the same in
Ubuntu.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/1648998/+subscriptions