[Ubuntu] Re: [DebianGIS] [Fwd: Motion: Adopt RFC-56 and release
MapServer 4.10.4 and 5.2.2]
Alan Boudreault
aboudreault at mapgears.com
Thu Mar 26 18:55:57 EDT 2009
I think the formal process would be to open a bug in the Debian BTS,
with the appropriate severity. I could do it tomorrow just to be sure
the bug won't be lost until someone gets free time to fix that.
Alan
Daniel Morissette wrote:
> See attached message, this is a heads up that a MapServer release with
> security fixes will be available very shortly. The announcement will be
> made later tonight or first thing tomorrow morning and new source
> packages for 5.2.2 and 4.10.4 are already available on the download server:
>
> http://download.osgeo.org/mapserver/mapserver-5.2.2.tar.gz
> http://download.osgeo.org/mapserver/mapserver-4.10.4.tar.gz
>
> BTW, is there a formal process for notifications of security fixes to
> your projects?
>
> Daniel
>
>
> -------- Original Message --------
> Subject: Motion: Adopt RFC-56 and release MapServer 4.10.4 and 5.2.2
> Date: Thu, 26 Mar 2009 14:20:01 -0400
> From: Daniel Morissette <dmorissette at mapgears.com>
> To: 'MapServer Dev Mailing List' <mapserver-dev at lists.osgeo.org>
>
> Some security vulnerabilities have been found and reported to us
> following an audit of MapServer's mapserv CGI. We have worked on this
> off-list with other PSC members to come up with a solution before making
> anything public.
>
> The outcome of this is five tickets (#2939, #2941, #2942, #2943, #2944)
> and corresponding fixes:
> http://trac.osgeo.org/mapserver/ticket/2939
> http://trac.osgeo.org/mapserver/ticket/2941
> http://trac.osgeo.org/mapserver/ticket/2942
> http://trac.osgeo.org/mapserver/ticket/2943
> http://trac.osgeo.org/mapserver/ticket/2944
>
> as well as a new RFC-56 about tightening up control of access to
> mapfiles and templates:
> http://mapserver.org/development/rfc/ms-rfc-56.html
>
>
> Motion:
>
> I hereby motion that we release MapServer 5.2.2 and 4.10.4 ASAP with
> fixes for tickets (#2939, #2941, #2942, #2943, #2944) and the
> implementation of RFC-56. MapServer 5.4.0 beta4 should also follow
> within a few days with the same fixes.
>
> I start with my +1
>
> Daniel
>
--
Alan Boudreault
Mapgears
http://www.mapgears.com/