[Ubuntu] Fixing CVE-2016-9839 for mapserver
Bas Couwenberg
sebastic at xs4all.nl
Wed Dec 7 02:21:19 PST 2016
On 2016-12-07 11:11, Johan Van de Wauw wrote:
>>> The above also affects the mapservers packages in the UbuntuGIS PPAs.
>>>
>>> I've updated the mapserver package to 7.0.3 for xenial & trusty in
>>> ubuntugis-unstable already, these still need to be copied to -testing
>>> &
>>> -stable though.
>
> What about the packages in universe? I have some time to update those
> tomorrow - I just want to avoid doing double work so checking if you
> started working on that.
Ideally those should be fixed too. The packages in need of an update are
listed in the Ubuntu Security Tracker:
https://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-9839.html
If you want to prepare those updates, please do. You can use the patch
from the wheezy package for precise, the patch from the jessie package
for trusty, and will need to extract the patch from git for mapserver
7.0 in xenial & yakkety. zesty should get fixed automatically when they
sync 7.0.3 from unstable.
Kind Regards,
Bas
More information about the Ubuntu
mailing list