Comment 16 for bug 398814

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mapserver - 5.0.3-2ubuntu0.1

---------------
mapserver (5.0.3-2ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
    - debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern
      to limit an id's value.
    - CVE-2009-0839
  * SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
    - debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation for
      a post request and the content-length.
    - CVE-2009-0840, CVE-2009-2281
  * SECURITY UPDATE: relative file path writing (LP: #398814)
    - debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
    - CVE-2009-0841
  * SECURITY UPDATE: file data leakage (LP: #398814)
    - debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as mandatory.
    - CVE-2009-0842
  * SECURITY UPDATE: file existence leakage (LP: #398814)
    - debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the file extension.
    - CVE-2009-0843
  * SECURITY UPDATE: paths specified in url vulnerabilities.
    - debian/patches/06_urlpath.dpatch: Disable the variable overwriting from URL of a
      few variables.
    - [http://trac.osgeo.org/mapserver/ticket/1836]

 -- Alan Boudreault <email address hidden> Thu, 23 Jul 2009 08:53:05 -0400