This bug was fixed in the package mapserver - 5.0.3-2ubuntu0.1
---------------
mapserver (5.0.3-2ubuntu0.1) intrepid-security; urgency=low
* SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
- debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern
to limit an id's value.
- CVE-2009-0839
* SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
- debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation for
a post request and the content-length.
- CVE-2009-0840, CVE-2009-2281
* SECURITY UPDATE: relative file path writing (LP: #398814)
- debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
- CVE-2009-0841
* SECURITY UPDATE: file data leakage (LP: #398814)
- debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as
mandatory.
- CVE-2009-0842
* SECURITY UPDATE: file existence leakage (LP: #398814)
- debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the file
extension.
- CVE-2009-0843
* SECURITY UPDATE: paths specified in url vulnerabilities.
- debian/patches/06_urlpath.dpatch: Disable the variable overwriting from
URL of a
few variables.
- [http://trac.osgeo.org/mapserver/ticket/1836]
-- Alan Boudreault <aboudrea...@mapgears.com> Thu, 23 Jul 2009
08:53:05 -0400
** Changed in: mapserver (Ubuntu Hardy)
Status: Fix Committed => Fix Released
--
security: anyone can make mapserv read or write arbitrary files
https://bugs.launchpad.net/bugs/398814
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
