Bug 606612 (CVE-2017-5522) - <sci-geosciences/mapserver-7.0.5: stack buffer overflow allowing remote code execution
Summary: <sci-geosciences/mapserver-7.0.5: stack buffer overflow allowing remote code ...
Status: RESOLVED FIXED
Alias: CVE-2017-5522
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://lists.osgeo.org/pipermail/map...
Whiteboard: B2 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-01-20 15:04 UTC by Thomas Deutschmann (RETIRED)
Modified: 2019-09-07 17:59 UTC

See Also:
Package list:
Runtime testing required: ---


Description Thomas Deutschmann (RETIRED) gentoo-dev 2017-01-20 15:04:14 UTC
From $URL:

MapServer 6.0.6, 6.2.4, 6.4.5 and 7.0.4 are released

Today the project team released versions 6.0.6, 6.2.4, 6.4.5 and 7.0.4 of MapServer. This is primarily a security release to address CVE-2017-5522. That issue involves a buffer overflow identified by MapServer developers associated with specific WFS get feature requests.

All users are encouraged to update to the latest version as soon as possible. Source distributions are available through http://mapserver.org/ and we expect binary distributions to be updated in the near future.


Upstream patch: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df


@ Maintainer(s): Please bump to >=sci-geosciences/mapserver-7.0.4
Comment 1 Jeroen Roovers (RETIRED) gentoo-dev 2019-01-04 09:45:29 UTC
commit 1296bb9468cea2befca32731a8ca1fe831951252
Author: Ettore Di Giacinto <mudler@gentoo.org>
Date:   Tue May 23 20:22:11 2017 +0200

    sci-geosciences/mapserver: Bump version to 7.0.5 bug #606612

    - Bump to EAPI 6
    - migrated to php-ext-source-r3
    - Add patch to address compilation bug

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=606612
    Package-Manager: Portage-2.3.5, Repoman-2.3.2
Comment 2 Jeroen Roovers (RETIRED) gentoo-dev 2019-01-04 09:45:52 UTC
commit 810e843cd8195281fe783129291d4cc94ed576b2
Author: Andreas Sturmlechner <asturm@gentoo.org>
Date:   Sun Oct 14 21:53:51 2018 +0200

    sci-geosciences/mapserver: Drop 7.0.3

    Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>
    Package-Manager: Portage-2.3.51, Repoman-2.3.11
Comment 3 Aaron Bauman (RETIRED) gentoo-dev 2019-09-07 17:59:02 UTC
package is unstable meow.