From $url: IMPORTANT SECURITY FIXES: - Disabled some insecure (and potentially exploitable) mapserv command-line debug arguments (#3485). The --enable-cgi-cl-debug-args configure switch can be used to re-enable them for devs who really cannot get away without them and who understand the potential security risk (not recommended for production servers or those who don't understand the security implications). - Fixed possible buffer overflow in msTmpFile() (#3484)
CVE-2010-2539 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2539): Buffer overflow in the msTmpFile function in maputil.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 allows local users to cause a denial of service via vectors involving names of temporary files. CVE-2010-2540 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2540): mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 does not properly restrict the use of CGI command-line arguments that were intended for debugging, which allows remote attackers to have an unspecified impact via crafted arguments.
I added 6.0_rc1 and 5.6.6 to cvs. All older were dropped. The older releases were never stable. @security: your turn guys, and sorry it took so long.
(In reply to comment #2) > I added 6.0_rc1 and 5.6.6 to cvs. All older were dropped. > > The older releases were never stable. > Great, thank you. Closing noglsa since there were no stable ebuilds.