[mapserver-dev] [motion] release 5.6.9, 6.0.4, 6.2.2 and 6.4.1

thomas bonfort thomas.bonfort at gmail.com
Tue Dec 31 07:02:31 PST 2013


Bas,
My personal opinion is that a CVE wouldn't be needed as the
vulnerability is not exploitable other than to return unfiltered data
from the table, something that could/can already be done in a "valid"
way by requesting an infinite time range. Again, this is my personal
understanding, and if incorrect would indeed require a CVE.

I'll pass the buck down to someone more knowledgeable of the issue to
make the final call...

regards,
thomas

On 31 December 2013 15:26, Sebastiaan Couwenberg <sebastic at xs4all.nl> wrote:
> Have you considered requesting a CVE for the vulnerability to ease
> tracking the patching of it by the various distributions?
>
> http://cve.mitre.org/
>
> Kind Regards,
>
> Bas
>
>
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-dev
