Ubuntu
mapserver package

lp:ubuntu/jaunty-security/mapserver

Jaunty (9.04)
jaunty-security

Created by James Westby on 2009-08-20 and last modified on 2010-08-16

Get this branch:: bzr branch lp:ubuntu/jaunty-security/mapserver

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Mature

Recent revisions

13. By Brian Thomason on 2010-08-13: * SECURITY UPDATE: buffer overflow (LP: #617489)
  - debian/patches/07_mstmpfile.dpatch: Fix buffer overflow in msTmpFile
    function in maputil.c.
  - CVE-2010-2539
  - Patch provided by Debian in Lenny (DSA-2079-1)
* SECURITY UPDATE: CGI arg passing restrictions (LP: #617489)
  - debian/patches/08_cl_debug_args.dpatch: estrict the use of CGI
    command-line arguments that were intended for debugging in mapserv.c.
  - CVE-2010-2540
  - Patch provided by Debian in Lenny (DSA-2079-1)
12. By Alan Boudreault on 2009-08-18: * SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
  - debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern
    to limit an id's value.
  - CVE-2009-0839
* SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
  - debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation for
    a post request and the content-length.
  - CVE-2009-0840, CVE-2009-2281
* SECURITY UPDATE: relative file path writing (LP: #398814)
  - debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
  - CVE-2009-0841
* SECURITY UPDATE: file data leakage (LP: #398814)
  - debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as mandatory.
  - CVE-2009-0842
* SECURITY UPDATE: file existence leakage (LP: #398814)
  - debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the file extension.
  - CVE-2009-0843
* SECURITY UPDATE: paths specified in url vulnerabilities.
  - debian/patches/06_urlpath.dpatch: Disable the variable overwriting from URL of a
    few variables.
  - [http://trac.osgeo.org/mapserver/ticket/1836]
11. By Alessio Treglia on 2009-03-10: No change rebuild to build with Python 2.6.
10. By Francesco Paolo Lovergine on 2008-07-15: * Updated sv.po template.
(closes: #488704)
* Turning on again optimization, #487679 was due to GDAL oddity solved in 1.5.2-3.
9. By Fabio Tranchitella on 2006-12-18: * debian/po/pt.po: updated. (Closes: #401386)
* debian/po/fr.po: added. (Closes: #399395)
8. By Fabio Tranchitella on 2006-11-02: debian/control: build-depends on libpq-dev. (Closes: #396565)
7. By Petter Reinholdtsen <email address hidden> on 2006-05-01: [ Petter Reinholdtsen ]
Fix typos in the config and prerm scripts for
php[45]-mapscript. (Closes: #363115)
6. By Chuck Short on 2006-04-22: * debian/rules
* Added tile4ms to debian/rules. (Closes: Malone #40599)
5. By Lukas Fittl <email address hidden> on 2006-02-10: * Rebuild to update php api dependencies
* Updated *.dirs files for php api updates
4. By Paul Wise (Debian) on 2005-12-06: * Install php extensions into the directory output by php-configN and depend
on the phpapi virtual package specified by php-configN (Closes: #339007)
* Add myself to Uploaders.
* Upload sponsored by Petter Reinholdtsen.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/karmic/mapserver

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntumapserver package