[mapserver-dev] [motion] release 5.6.9, 6.0.4, 6.2.2 and 6.4.1

thomas bonfort thomas.bonfort at gmail.com
Tue Dec 31 07:02:31 PST 2013

My personal opinion is that a CVE wouldn't be needed as the
vulnerability is not exploitable other than to return unfiltered data
from the table, something that could/can already be done in a "valid"
way by requesting an infinite time range. Again, this is my personal
understanding, and if incorrect would indeed require a CVE.

I'll pass the buck down to someone more knowledgeable of the issue to
make the final call...


On 31 December 2013 15:26, Sebastiaan Couwenberg <sebastic at xs4all.nl> wrote:
> Have you considered requesting a CVE for the vulnerability to ease
> tracking the patching of it by the various distributions?
> http://cve.mitre.org/
> Kind Regards,
> Bas
> _______________________________________________
> mapserver-dev mailing list
> mapserver-dev at lists.osgeo.org
> http://lists.osgeo.org/mailman/listinfo/mapserver-dev

More information about the mapserver-dev mailing list