mapserver: heap-based buffer overflow due to integer overflow in content-length handling

Related Vulnerabilities: CVE-2009-0840, CVE-2009-2281

Debian Bug report logs - #535340

Reported by: Nico Golde <nion@debian.org>

Date: Wed, 1 Jul 2009 17:48:02 UTC

Severity: grave

Tags: security

Fixed in version mapserver/5.4.2-1

Done: Alan Boudreault <aboudreault@mapgears.com>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#535340; Package mapserver. (Wed, 01 Jul 2009 17:48:04 GMT).


Acknowledgement sent to Nico Golde <nion@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Debian Testing Security Team <secure-testing-team@lists.alioth.debian.org>, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 01 Jul 2009 17:48:04 GMT).


Message #5 received at submit@bugs.debian.org:

From: Nico Golde <nion@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mapserver: heap-based buffer overflow due to integer overflow in content-length handling
Date: Wed, 01 Jul 2009 19:40:16 +0200
Package: mapserver
Severity: grave
Tags: security
Justification: user security hole

Hi,
As described in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=523027#14
the fix for CVE-2009-0840 was not correct. A new CVE id got assigned to this:
CVE-2009-2281. Please reference it in the changelog if you fix this bug.

Cheers
Nico
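
The bug class named in this report's title (an integer overflow in Content-Length handling that leads to an undersized heap buffer), shown as an added example; it is not MapServer's code or its actual fix. The function names, the 32-bit length type, the `MAX_POST_BODY` cap and the sample header values are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical cap on request bodies (an assumption, not a MapServer setting). */
#define MAX_POST_BODY ((size_t)16 * 1024 * 1024)

/* Size the flawed pattern passes to malloc(): the header value becomes a
 * 32-bit length and one byte is added for the NUL, with no range check. */
uint32_t naive_alloc_size(const char *content_length)
{
    uint32_t len = (uint32_t)strtoul(content_length, NULL, 10);
    return len + 1u;   /* wraps to 0 when len == UINT32_MAX */
}

/* Checked parse: returns 0 and stores body length + 1 in *alloc, or -1 if
 * the header is missing, signed, non-numeric, out of range or over the cap. */
int checked_alloc_size(const char *content_length, size_t *alloc)
{
    char *end;
    unsigned long long v;

    if (content_length == NULL || *content_length < '0' || *content_length > '9')
        return -1;     /* rejects "", "-1", "+5" and leading whitespace */
    errno = 0;
    v = strtoull(content_length, &end, 10);
    if (errno == ERANGE || *end != '\0')
        return -1;     /* overflowed the parser or has trailing junk */
    if (v > MAX_POST_BODY)
        return -1;     /* bound the value before any arithmetic on it */
    *alloc = (size_t)v + 1;   /* cannot wrap: v <= MAX_POST_BODY */
    return 0;
}

int main(void)
{
    /* Constructed sample header values. */
    const char *samples[] = { "100", "4294967295", "-1", "12abc" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t alloc = 0;
        int rc = checked_alloc_size(samples[i], &alloc);
        printf("%-12s naive=%lu checked=%s\n", samples[i],
               (unsigned long)naive_alloc_size(samples[i]),
               rc == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

A fix that only rejects negative values still lets the `+ 1` wrap at the top of the range, which is why the checked version bounds the parsed value before doing any arithmetic on it.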




Reply sent to Alan Boudreault <aboudreault@mapgears.com>:
You have taken responsibility. (Mon, 27 Jul 2009 21:45:08 GMT).


Notification sent to Nico Golde <nion@debian.org>:
Bug acknowledged by developer. (Mon, 27 Jul 2009 21:45:08 GMT).


Message #10 received at 535340-close@bugs.debian.org:

From: Alan Boudreault <aboudreault@mapgears.com>
To: 535340-close@bugs.debian.org
Subject: Bug#535340: fixed in mapserver 5.4.2-1
Date: Mon, 27 Jul 2009 21:34:06 +0000
Source: mapserver
Source-Version: 5.4.2-1

We believe that the bug you reported is fixed in the latest version of
mapserver, which is due to be installed in the Debian FTP archive:

cgi-mapserver_5.4.2-1_i386.deb
  to pool/main/m/mapserver/cgi-mapserver_5.4.2-1_i386.deb
libmapscript-ruby1.8_5.4.2-1_i386.deb
  to pool/main/m/mapserver/libmapscript-ruby1.8_5.4.2-1_i386.deb
libmapscript-ruby1.9_5.4.2-1_i386.deb
  to pool/main/m/mapserver/libmapscript-ruby1.9_5.4.2-1_i386.deb
libmapscript-ruby_5.4.2-1_all.deb
  to pool/main/m/mapserver/libmapscript-ruby_5.4.2-1_all.deb
mapserver-bin_5.4.2-1_i386.deb
  to pool/main/m/mapserver/mapserver-bin_5.4.2-1_i386.deb
mapserver-doc_5.4.2-1_all.deb
  to pool/main/m/mapserver/mapserver-doc_5.4.2-1_all.deb
mapserver_5.4.2-1.diff.gz
  to pool/main/m/mapserver/mapserver_5.4.2-1.diff.gz
mapserver_5.4.2-1.dsc
  to pool/main/m/mapserver/mapserver_5.4.2-1.dsc
mapserver_5.4.2.orig.tar.gz
  to pool/main/m/mapserver/mapserver_5.4.2.orig.tar.gz
perl-mapscript_5.4.2-1_i386.deb
  to pool/main/m/mapserver/perl-mapscript_5.4.2-1_i386.deb
php5-mapscript_5.4.2-1_i386.deb
  to pool/main/m/mapserver/php5-mapscript_5.4.2-1_i386.deb
python-mapscript_5.4.2-1_i386.deb
  to pool/main/m/mapserver/python-mapscript_5.4.2-1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 535340@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alan Boudreault <aboudreault@mapgears.com> (supplier of updated mapserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Fri, 24 Jul 2009 09:16:45 -0400
Source: mapserver
Binary: php5-mapscript perl-mapscript cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9
Architecture: source all i386
Version: 5.4.2-1
Distribution: unstable
Urgency: high
Maintainer: Francesco Paolo Lovergine <frankie@debian.org>
Changed-By: Alan Boudreault <aboudreault@mapgears.com>
Description: 
 cgi-mapserver - CGI executable for MapServer
 libmapscript-ruby - Ruby MapServer library
 libmapscript-ruby1.8 - Ruby MapServer library
 libmapscript-ruby1.9 - Ruby MapServer library
 mapserver-bin - MapServer utilities
 mapserver-doc - documentation for MapServer
 perl-mapscript - Perl MapServer library
 php5-mapscript - php5-cgi module for MapServer
 python-mapscript - Python library for MapServer
Closes: 532446 535340
Changes: 
 mapserver (5.4.2-1) unstable; urgency=high
 .
   * New upstream release, with a few fixes.
     Proper fix for CVE-2009-0840.
     (closes: #535340, #532446)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 31 Jan 2010 07:34:16 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:01:20 2019; Machine Name: buxtehude
