group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1648998] Re: Fix CVE-2016-9839 & CVE-2017-5522

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1648998@xxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Jan 2017 16:12:10 -0000
Reply-to: Bug 1648998 <1648998@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package mapserver - 6.0.1-2ubuntu1.2

---------------
mapserver (6.0.1-2ubuntu1.2) precise-security; urgency=medium

  * Non-maintainer upload.
  * Add upstream patches to fix CVE-2016-9839 & CVE-2017-5522.
    (LP: #1648998)

 -- Bas Couwenberg <sebastic@xxxxxxxxxx>  Wed, 18 Jan 2017 23:18:10
+0100

** Changed in: mapserver (Ubuntu Precise)
       Status: New => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648998

Title:
  Fix CVE-2016-9839 & CVE-2017-5522

Status in mapserver package in Ubuntu:
  Fix Released
Status in mapserver source package in Precise:
  Fix Released
Status in mapserver source package in Trusty:
  Fix Released
Status in mapserver source package in Xenial:
  Fix Released
Status in mapserver source package in Yakkety:
  Fix Released
Status in mapserver source package in Zesty:
  Fix Released

Bug description:
  In MapServer before 7.0.3, OGR driver error messages are too verbose
  and may leak sensitive information if data connection fails.

  https://people.canonical.com/~ubuntu-
  security/cve/2016/CVE-2016-9839.html

  Packages for Debian have been updated - we should apply the same in
  Ubuntu.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/1648998/+subscriptions