According to https://mapserver.org/download.html and https://mapserver.org/development/announce/7-4.html#announce-7-4 a new version of Mapserver is available.
btw: it's already mentioned in bug 649772 (comment 1)
Maintainer(s), please drop the vulnerable version(s).
(In reply to sam_c (Security Padawan) from comment #2) > Maintainer(s), please drop the vulnerable version(s). Sorry, this isn't right (ignore). The title change confused me. Please let us know if you can create a new ebuild for this.
@maintainer(s), please create an appropriate ebuild.
Ping for Ebuild
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18c6a60dd2029db1fde5b5078d2647dc4daf1d55 commit 18c6a60dd2029db1fde5b5078d2647dc4daf1d55 Author: Sam James <sam@gentoo.org> AuthorDate: 2020-07-06 11:25:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-09 00:32:26 +0000 sci-geosciences/mapserver: security bump to 7.6.0 Changes: * Bump to 7.6.0 * Add PHP 7.x support, new module w/ multiple builds * Add Python 3.x, multiple builds * Drop old Proj compatibility workaround * Tidy up plenty of dependencies * Use sub-slot operator where appropriate * Use php-ext-source-r3's functions to simplify ebuild * Modernise as much as possible, bar EAPI 7 because of depend.apache. Bug: https://bugs.gentoo.org/688290 Closes: https://bugs.gentoo.org/649772 Closes: https://bugs.gentoo.org/659260 Closes: https://bugs.gentoo.org/666054 Closes: https://bugs.gentoo.org/729100 Package-Manager: Portage-2.3.103, Repoman-2.3.22 Signed-off-by: Sam James <sam@gentoo.org> sci-geosciences/mapserver/Manifest | 1 + sci-geosciences/mapserver/mapserver-7.6.0.ebuild | 289 +++++++++++++++++++++++ sci-geosciences/mapserver/metadata.xml | 6 +- 3 files changed, 293 insertions(+), 3 deletions(-)
Let's give it a little bit to make sure it's OK, then cleanup.
(In reply to Sam James from comment #7) > Let's give it a little bit to make sure it's OK, then cleanup. Cleanup: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a978c51583a22031f007f5c5d22719b0360e9f4 XSS, unstable package => noglsa. Closing.