lp:ubuntu/hardy-security/mapserver

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/mapserver

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Mature

Recent revisions

20. By Alan Boudreault

* SECURITY UPDATE: SQL Injection and buffer overflows (LP: #809133)
  - debian/patches/09_wfs_sql_injection.dpatch: Fix possible WFS
    SQL injection and buffer overflows in OGC Filter Encoding
    support. [http://trac.osgeo.org/mapserver/ticket/3874]
    [http://trac.osgeo.org/mapserver/ticket/3903]
  - CVE-2011-2703, CVE-2011-2704

19. By Alan Boudreault

* SECURITY UPDATE: Buffer overflow in msTmpFile function (LP: #603593)
  - debian/patches/07_mstmpfile.dpatch: Fix the buffer overflow.
  [http://trac.osgeo.org/mapserver/ticket/3484]
* SECURITY UPDATE: Insecure CGI command-line debug args (LP: #603593)
  - debian/patches/08_cl_debug_args.dpatch: Disable insecure mapserv
    CGI command-line debug args.
  [http://trac.osgeo.org/mapserver/ticket/3485]

18. By Alan Boudreault

* SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
  - debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern
    to limit an id's value.
  - CVE-2009-0839
* SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
  - debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation for
    a post request and the content-length.
  - CVE-2009-0840, CVE-2009-2281
* SECURITY UPDATE: relative file path writing (LP: #398814)
  - debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
  - CVE-2009-0841
* SECURITY UPDATE: file data leakage (LP: #398814)
  - debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as mandatory.
  - CVE-2009-0842
* SECURITY UPDATE: file existence leakage (LP: #398814)
  - debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the file extension.
  - CVE-2009-0843
* SECURITY UPDATE: paths specified in url vulnerabilities.
  - debian/patches/06_urlpath.dpatch: Disable the variable overwriting from URL of a
    few variables.
  - [http://trac.osgeo.org/mapserver/ticket/1836]

17. By Fabio Tranchitella

* debian/php5-mapscript.postinst: fixed a typo. (Closes: #446985)
* debian/patches/20_php_build.dpatch: removed. (Closes: #447814)
* debian/po/gl.po: added. (Closes: #447939)
* debian/po/fr.po: added. (Closes: #448821)

16. By Fabio Tranchitella

debian/rules, debian/controls: new patch for the ruby bindings, which
follows the ruby policy draft.

15. By Andreas Putzo

[ Andreas Putzo ]
* New upstream release.
  - Fixed XSS vulnerabilities.
    [http://trac.osgeo.org/mapserver/ticket/2256]
  - Fixed possible buffer overflow in template processing.
    [http://trac.osgeo.org/mapserver/ticket/2252]
  (Closes: #439346)
* Added myself to Uploaders.
* Debconf templates and debian/control reviewed by the debian-l10n-
  english team as part of the Smith review project. Closes: #433710
* Debconf translation updates:
  - Galician. Closes: #434326
  - Tamil. Closes: #434401
  - Russian. Closes: #434406
  - Portuguese. Closes: #434438
  - German. Closes: #434653
  - Vietnamese. Closes: #434758
  - French. Closes: #435933
  - Czech. Closes: #436280
  - Dutch. Closes: #436853

14. By Fabio Tranchitella

[ Francesco Paolo Lovergine ]
* New upstream release.
  (closes: #412836)
* Fixed PHP case in long descriptions.
  (closes: #425987)

[ Fabio Tranchitella ]
* debian/README.Debian: added a note about PHP and FCGI support.
  (Closes: #425571)

13. By Michael Bienia

Rebuild for the libcurl4 -> libcurl3 back transition.

12. By Francesco Paolo Lovergine

[ Francesco Paolo Lovergine ]
* debian/po/nl.po added. (closes: #415504)
* Moved to gdal 1.4.1 dependency. (closes: #424635, #423538)
* Removed php4 support (closes: #418313)
* Updated long descriptions.
* Removed Thomas Sondag among Uploaders (last contribution dated more than 2 years ago).
* Moved to libcurl4 build-deps.
* Added a debian/README.etch for notes on backporting.
* Moved to debhelper compatibility level 5.
* Removed superfluous dh_python in debian/rules.
* A new debian/control.etch file has been introduced to retain etch compatibility.
  All php4 related files have been maintained for the same reason. Please, don't remove them!
* Merging other relevant patches from BSP NMU 4.10.0-6.1. Thanks Luk Claes.
 - Fixed package priority to meet overrides
 - Fix language in description (closes: #416449)
 - Add Dutch debconf translation (closes: #415504)

[ Fabio Tranchitella ]
* New upstream release.

11. By Michael Bienia

* Don't build a php4 module anymore.
* debian/control: Change Maintainer/XSBC-Original-Maintainer field.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/mapserver