Bug 688290 - <sci-geosciences/mapserver-7.6.0: Potential cross-site scripting (XSS) security issue with [layers] tag
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL:
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2019-06-18 10:49 UTC by Thomas Beutin
Modified: 2020-07-14 13:07 UTC
Description Thomas Beutin 2019-06-18 10:49:40 UTC
According to https://mapserver.org/download.html and https://mapserver.org/development/announce/7-4.html#announce-7-4 a new version of Mapserver is available.
Comment 1 Thomas Beutin 2019-06-18 10:51:31 UTC
btw: it's already mentioned in bug 649772 (comment 1)
Comment 2 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-15 22:19:08 UTC
Maintainer(s), please drop the vulnerable version(s).
Comment 3 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-15 22:19:54 UTC
(In reply to sam_c (Security Padawan) from comment #2)
> Maintainer(s), please drop the vulnerable version(s).

Sorry, this isn't right (ignore). The title change confused me.

Please let us know if you can create a new ebuild for this.
Comment 4 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-03-30 15:10:14 UTC
@maintainer(s), please create an appropriate ebuild.
Comment 5 Yury German Gentoo Infrastructure gentoo-dev 2020-05-21 23:39:48 UTC
Ping for Ebuild
Comment 6 Larry the Git Cow gentoo-dev 2020-07-09 00:32:53 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=18c6a60dd2029db1fde5b5078d2647dc4daf1d55

commit 18c6a60dd2029db1fde5b5078d2647dc4daf1d55
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-07-06 11:25:39 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-09 00:32:26 +0000

    sci-geosciences/mapserver: security bump to 7.6.0
    
    Changes:
    * Bump to 7.6.0
    * Add PHP 7.x support, new module w/ multiple builds
    * Add Python 3.x, multiple builds
    * Drop old Proj compatibility workaround
    * Tidy up plenty of dependencies
    * Use sub-slot operator where appropriate
    * Use php-ext-source-r3's functions to simplify ebuild
    * Modernise as much as possible, bar EAPI 7 because
      of depend.apache.
    
    Bug: https://bugs.gentoo.org/688290
    Closes: https://bugs.gentoo.org/649772
    Closes: https://bugs.gentoo.org/659260
    Closes: https://bugs.gentoo.org/666054
    Closes: https://bugs.gentoo.org/729100
    Package-Manager: Portage-2.3.103, Repoman-2.3.22
    Signed-off-by: Sam James <sam@gentoo.org>

 sci-geosciences/mapserver/Manifest               |   1 +
 sci-geosciences/mapserver/mapserver-7.6.0.ebuild | 289 +++++++++++++++++++++++
 sci-geosciences/mapserver/metadata.xml           |   6 +-
 3 files changed, 293 insertions(+), 3 deletions(-)
Comment 7 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-09 00:34:43 UTC
Let's give it a little bit to make sure it's OK, then cleanup.
Comment 8 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2020-07-14 13:07:12 UTC
(In reply to Sam James from comment #7)
> Let's give it a little bit to make sure it's OK, then cleanup.

Cleanup: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1a978c51583a22031f007f5c5d22719b0360e9f4

XSS, unstable package => noglsa. Closing.