mapserver: CVE-2013-7262

Related Vulnerabilities: CVE-2013-7262  

Debian Bug report logs - #734565
mapserver: CVE-2013-7262


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 8 Jan 2014 07:33:07 UTC

Severity: important

Tags: patch, security, upstream

Fixed in versions mapserver/6.4.1-1, mapserver/6.0.1-3.2+deb7u2, mapserver/5.6.5-2+squeeze3

Done: Salvatore Bonaccorso <carnil@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Wed, 08 Jan 2014 07:33:12 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 08 Jan 2014 07:33:12 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mapserver: CVE-2013-7262
Date: Wed, 08 Jan 2014 08:25:22 +0100

Package: mapserver
Severity: important
Tags: security upstream patch

Hi,

the following vulnerability was published for mapserver.

CVE-2013-7262[0]:
| SQL injection vulnerability in the msPostGISLayerSetTimeFilter
| function in mappostgis.c in MapServer before 6.4.1, when a WMS-Time
| service is used, allows remote attackers to execute arbitrary SQL
| commands via a crafted string in a PostGIS TIME filter.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7262
    http://security-tracker.debian.org/tracker/CVE-2013-7262
[1] https://github.com/mapserver/mapserver/issues/4834

Please adjust the affected versions in the BTS as needed, at least
unstable from looking at source seems affected.

Regards,
Salvatore
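
The kind of check that closes this class of hole, as an added example that is not part of the bug report and is not MapServer's code or its upstream patch: a strict allowlist for WMS TIME values, applied before the value reaches an SQL string. The function names, the `obs_time` column and the sample inputs are hypothetical, and the accepted shapes (ISO 8601 instants, `start/end/period` ranges, comma lists) are an assumption about what a WMS-Time layer needs.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Match s[0..len) against a template: '9' is any digit, the rest is literal. */
static int match_tpl(const char *s, size_t len, const char *tpl)
{
    if (strlen(tpl) != len) return 0;
    for (size_t i = 0; i < len; i++) {
        int ok = (tpl[i] == '9') ? isdigit((unsigned char)s[i]) : (s[i] == tpl[i]);
        if (!ok) return 0;
    }
    return 1;
}

/* Accept only fixed ISO 8601 shapes. Field ranges (month 13, hour 25) are not
 * checked: an out-of-range number cannot change the structure of the query. */
static int is_iso_instant(const char *s, size_t len)
{
    static const char *shapes[] = {
        "9999", "9999-99", "9999-99-99", "9999-99-99T99",
        "9999-99-99T99:99", "9999-99-99T99:99:99", "9999-99-99T99:99:99Z"
    };
    for (size_t i = 0; i < sizeof shapes / sizeof shapes[0]; i++)
        if (match_tpl(s, len, shapes[i])) return 1;
    return 0;
}

/* Optional resolution part, an ISO 8601 duration such as P1D or PT6H. */
static int is_iso_period(const char *s, size_t len)
{
    if (len < 2 || s[0] != 'P') return 0;
    for (size_t i = 1; i < len; i++)
        if (!isdigit((unsigned char)s[i]) && !memchr("YMDTHS", s[i], 6)) return 0;
    return 1;
}

/* One list item: instant, start/end, or start/end/period. */
static int is_valid_item(const char *s, size_t len)
{
    const char *slash1 = memchr(s, '/', len);
    if (!slash1) return is_iso_instant(s, len);
    size_t restlen = len - (size_t)(slash1 + 1 - s);
    const char *slash2 = memchr(slash1 + 1, '/', restlen);
    size_t endlen = slash2 ? (size_t)(slash2 - slash1 - 1) : restlen;
    if (!is_iso_instant(s, (size_t)(slash1 - s))) return 0;
    if (!is_iso_instant(slash1 + 1, endlen)) return 0;
    return slash2 ? is_iso_period(slash2 + 1, restlen - endlen - 1) : 1;
}

/* Returns 1 only if every comma-separated item of the TIME value is well formed. */
int time_param_is_valid(const char *value)
{
    if (!value || !*value) return 0;
    for (const char *p = value;;) {
        size_t n = strcspn(p, ",");
        if (!is_valid_item(p, n)) return 0;
        if (p[n] == '\0') return 1;
        p += n + 1;
    }
}

/* Build "column" = 'instant' for a single instant. The column name is assumed
 * to come from trusted layer configuration. Returns the length written, or -1
 * when the value is rejected or the buffer is too small. Where the query shape
 * allows it, binding the value (libpq PQexecParams) is preferable to this. */
int build_instant_filter(char *out, size_t outlen, const char *column, const char *value)
{
    if (!time_param_is_valid(value) || strpbrk(value, ",/")) return -1;
    int n = snprintf(out, outlen, "\"%s\" = '%s'", column, value);
    return (n < 0 || (size_t)n >= outlen) ? -1 : n;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the bug report. */
    const char *samples[] = { "2014-01-08", "2014-01-01/2014-01-31/P1D",
                              "2014-01-08'xx", "2014-01-08 " };
    char sql[128];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int n = build_instant_filter(sql, sizeof sql, "obs_time", samples[i]);
        printf("%-28s valid=%d filter=%s\n", samples[i],
               time_param_is_valid(samples[i]), n < 0 ? "(refused)" : sql);
    }
    return 0;
}
```

The validator rejects by shape rather than by searching for dangerous characters, so a value that is not a timestamp never reaches the string-building step.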



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Wed, 08 Jan 2014 07:42:19 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 08 Jan 2014 07:42:19 GMT).


Message #10 received at 734565@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Salvatore Bonaccorso <carnil@debian.org>, 734565@bugs.debian.org
Subject: Re: Bug#734565: mapserver: CVE-2013-7262
Date: Wed, 08 Jan 2014 08:40:35 +0100

On 01/08/2014 08:25 AM, Salvatore Bonaccorso wrote:
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

The new mapserver packages were prepared before the CVE was available.

> Please adjust the affected versions in the BTS as needed, at least
> unstable from looking at source seems affected.

Unstable is no longer affected with the upload of mapserver 6.4.1, wheezy
and squeeze still are, but the proposed updates for both are waiting for
feedback from the release team:

Bug#734099:  pu: package mapserver/6.0.4-1
Bug#734118: opu: package mapserver/5.6.9-1

Kind Regards,

Bas

-- 
GnuPG: 0xE88D4AF1 (new) / 0x77A975AD (old)



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Wed, 08 Jan 2014 07:45:05 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 08 Jan 2014 07:45:05 GMT).


Message #15 received at 734565@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: 734565@bugs.debian.org
Subject: Fixed versions
Date: Wed, 08 Jan 2014 08:43:13 +0100

Control: fixed -1 mapserver/6.4.1-1
Control: fixed -1 mapserver/6.0.4-1
Control: fixed -1 mapserver/5.6.9-1
Control: tags -1 pending



Marked as fixed in versions mapserver/6.4.1-1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 734565-submit@bugs.debian.org. (Wed, 08 Jan 2014 07:45:05 GMT).


Marked as fixed in versions mapserver/6.0.4-1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 734565-submit@bugs.debian.org. (Wed, 08 Jan 2014 07:45:06 GMT).


Marked as fixed in versions mapserver/5.6.9-1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 734565-submit@bugs.debian.org. (Wed, 08 Jan 2014 07:45:07 GMT).


Added tag(s) pending. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 734565-submit@bugs.debian.org. (Wed, 08 Jan 2014 07:45:08 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Wed, 08 Jan 2014 09:12:13 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 08 Jan 2014 09:12:13 GMT).


Message #28 received at 734565@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Cc: 734565@bugs.debian.org
Subject: Re: Bug#734565: mapserver: CVE-2013-7262
Date: Wed, 8 Jan 2014 10:09:30 +0100

Hi Bas,

On Wed, Jan 08, 2014 at 08:40:35AM +0100, Sebastiaan Couwenberg wrote:
> On 01/08/2014 08:25 AM, Salvatore Bonaccorso wrote:
> > If you fix the vulnerability please also make sure to include the
> > CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> The new mapserver packages were prepared before the CVE was available.
> 
> > Please adjust the affected versions in the BTS as needed, at least
> > unstable from looking at source seems affected.
> 
> Unstable is no longer affected with the upload of mapserver 6.4.1, wheezy
> and squeeze still are, but the proposed updates for both are waiting for
> feedback from the release team:
> 
> Bug#734099:  pu: package mapserver/6.0.4-1
> Bug#734118: opu: package mapserver/5.6.9-1

Could you clarify if second commit referenced in

https://github.com/mapserver/mapserver/issues/4834
(WFS-2 specific fixes for postgis time sql injections (#4834,#4815))

is also needed? Is this relevant for Debian?

Thanks for your work, and regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Wed, 08 Jan 2014 09:48:29 GMT).


Acknowledgement sent to "Sebastiaan Couwenberg" <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 08 Jan 2014 09:48:29 GMT).


Message #33 received at 734565@bugs.debian.org:

From: "Sebastiaan Couwenberg" <sebastic@xs4all.nl>
To: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Cc: 734099@bugs.debian.org, 734565@bugs.debian.org
Subject: CVE for vulnerability now available: CVE-2013-7262
Date: Wed, 8 Jan 2014 10:45:46 +0100

> On 2014-01-08 7:51, Sebastiaan Couwenberg wrote:
>> Control: tags -1 security
>>
>> As reported by Salvatore Bonaccorso in #734565, there is now a CVE for
>> the security issue in question.
>>
>> Can I get a Go/No Go for uploading the proposed changes in the debdiff?
>
> You proposed the changes four days ago, including relatively large
> diffs; please give people time to review / process them rather than
> chasing so quickly.

Sorry if my question was seen as chasing the Release Team. I'm not trying
to pressure the RT.

My question was triggered by the bug filed today now that the CVE is
available.

> As a side note, the diffs were sufficiently large that neither of your
> bug reports reached the debian-release list, so several people may not
> have seen them yet.

I was afraid the debdiffs might be a bit too large. So I think the wise
thing to do is to prepare security uploads which only fix the CVE issue if
possible, and leave the other security and stability fixes for a later
(old)stable-update if the complete upstream stable release is considered
acceptable.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Wed, 08 Jan 2014 22:21:05 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Wed, 08 Jan 2014 22:21:05 GMT).


Message #38 received at 734565@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Salvatore Bonaccorso <carnil@debian.org>
Cc: 734565@bugs.debian.org
Subject: Re: Bug#734565: mapserver: CVE-2013-7262
Date: Wed, 08 Jan 2014 23:15:56 +0100

Hi Salvatore,

On 01/08/2014 10:09 AM, Salvatore Bonaccorso wrote:
> On Wed, Jan 08, 2014 at 08:40:35AM +0100, Sebastiaan Couwenberg wrote:
>> On 01/08/2014 08:25 AM, Salvatore Bonaccorso wrote:
>>> If you fix the vulnerability please also make sure to include the
>>> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>>
>> The new mapserver packages were prepared before the CVE was available.

I've prepared new mapserver packages for squeeze and wheezy with only
the fix for this CVE, the new stable upstream release route I initially
took is not proper to fix this issue.

mapserver (6.0.1-3.2+deb7u2) for wheezy:

http://mentors.debian.net/debian/pool/main/m/mapserver/mapserver_6.0.1-3.2+deb7u2.dsc

mapserver (5.6.5-2+squeeze3) for squeeze:

http://mentors.debian.net/debian/pool/main/m/mapserver/mapserver_5.6.5-2+squeeze3.dsc

The squeeze package contained debhelper.log files in the debian/
directory, which caused problems for clean pbuilder builds so they were
removed. And dpatch insisted on changing the permissions. I've included
these changes in the squeeze package too.

>>> Please adjust the affected versions in the BTS as needed, at least
>>> unstable from looking at source seems affected.
>>
>> Unstable is no longer affected with the upload of mapserver 6.4.1, wheezy
>> and squeeze still are, but the proposed updates for both are waiting for
>> feedback from the release team:
> 
> Could you clarify if second commit referenced in
> 
> https://github.com/mapserver/mapserver/issues/4834
> (WFS-2 specific fixes for postgis time sql injections (#4834,#4815))
> 
> is also needed? Is this relevant for Debian?

No, the WFS-2 specific commit shouldn't be relevant for Debian yet.

The vulnerability was discovered during the implementation of WFS 2.0
support in MapServer. That support only lives in the master branch for
now and will be included in the next major upstream release.

> Thanks for your work, and regards,
> Salvatore

If the security-team approves the package changes, shall I ask my
sponsor to upload the packages?

Kind Regards,

Bas

-- 
GnuPG: 0xE88D4AF1 (new) / 0x77A975AD (old)



No longer marked as fixed in versions mapserver/6.0.4-1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to control@bugs.debian.org. (Thu, 09 Jan 2014 07:42:17 GMT).


No longer marked as fixed in versions mapserver/5.6.9-1. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to control@bugs.debian.org. (Thu, 09 Jan 2014 07:42:18 GMT).


Marked as fixed in versions mapserver/6.0.1-3.2+deb7u2. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to control@bugs.debian.org. (Thu, 09 Jan 2014 07:42:18 GMT).


Marked as fixed in versions mapserver/5.6.5-2+squeeze3. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to control@bugs.debian.org. (Thu, 09 Jan 2014 07:42:19 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#734565; Package mapserver. (Fri, 10 Jan 2014 02:24:04 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Fri, 10 Jan 2014 02:24:04 GMT).


Message #51 received at 734565@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Sebastiaan Couwenberg <sebastic@xs4all.nl>
Cc: 734565@bugs.debian.org, team@security.debian.org
Subject: Re: Bug#734565: mapserver: CVE-2013-7262
Date: Fri, 10 Jan 2014 03:20:41 +0100

Hi Sebastiaan,

On Wed, Jan 08, 2014 at 11:15:56PM +0100, Sebastiaan Couwenberg wrote:
> Hi Salvatore,
> 
> On 01/08/2014 10:09 AM, Salvatore Bonaccorso wrote:
> > On Wed, Jan 08, 2014 at 08:40:35AM +0100, Sebastiaan Couwenberg wrote:
> >> On 01/08/2014 08:25 AM, Salvatore Bonaccorso wrote:
> >>> If you fix the vulnerability please also make sure to include the
> >>> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> >>
> >> The new mapserver packages were prepared before the CVE was available.
> 
> I've prepared new mapserver packages for squeeze and wheezy with only
> the fix for this CVE, the new stable upstream release route I initially
> took is not proper to fix this issue.
> 
> mapserver (6.0.1-3.2+deb7u2) for wheezy:
> 
> http://mentors.debian.net/debian/pool/main/m/mapserver/mapserver_6.0.1-3.2+deb7u2.dsc
> 
> mapserver (5.6.5-2+squeeze3) for squeeze:
> 
> http://mentors.debian.net/debian/pool/main/m/mapserver/mapserver_5.6.5-2+squeeze3.dsc
> 
> The squeeze package contained debhelper.log files in the debian/
> directory, which caused problems for clean pbuilder builds so they were
> removed. And dpatch insisted on changing the permissions. I've included
> these changes in the squeeze package too.
> 
> >>> Please adjust the affected versions in the BTS as needed, at least
> >>> unstable from looking at source seems affected.
> >>
> >> Unstable is no longer affected with the upload of mapserver 6.4.1, wheezy
> >> and squeeze still are, but the proposed updates for both are waiting for
> >> feedback from the release team:
> > 
> > Could you clarify if second commit referenced in
> > 
> > https://github.com/mapserver/mapserver/issues/4834
> > (WFS-2 specific fixes for postgis time sql injections (#4834,#4815))
> > 
> > is also needed? Is this relevant for Debian?
> 
> No, the WFS-2 specific commit shouldn't be relevant for Debian yet.
> 
> The vulnerability was discovered during the implementation of WFS 2.0
> support in MapServer. That support only lives in the master branch for
> now and will be included in the next major upstream release.

Okay thanks for this explanation. Regarding the upload for security:
We have tagged this issue 'no-dsa'[1] meaning that no DSA is planned
for this vulnerability only. So if you are planning to do a
(old)stable-proposed-updates upload, the above can be included there
(either by updating to an upstream version as you propose
or by an isolated patch; depends on what release teams would like to
have for these two opu and pu requests).

 [1] https://security-tracker.debian.org/tracker/CVE-2013-7262

Thanks again for the quick followups,

Regards,
Salvatore

Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 12 Jan 2014 23:33:11 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 12 Jan 2014 23:33:11 GMT).


Message #56 received at 734565-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 734565-close@bugs.debian.org
Subject: Bug#734565: fixed in mapserver 6.0.1-3.2+deb7u2
Date: Sun, 12 Jan 2014 23:32:06 +0000

Source: mapserver
Source-Version: 6.0.1-3.2+deb7u2

We believe that the bug you reported is fixed in the latest version of
mapserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 734565@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated mapserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 10 Jan 2014 03:45:58 +0100
Source: mapserver
Binary: php5-mapscript libmapscript-perl cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9.1
Architecture: source all amd64
Version: 6.0.1-3.2+deb7u2
Distribution: stable-proposed-updates
Urgency: low
Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 cgi-mapserver - CGI executable for MapServer
 libmapscript-perl - Perl MapServer module
 libmapscript-ruby - Ruby MapServer library
 libmapscript-ruby1.8 - Ruby MapServer library
 libmapscript-ruby1.9.1 - Ruby MapServer library
 mapserver-bin - MapServer utilities
 mapserver-doc - documentation for MapServer
 php5-mapscript - php5-cgi module for MapServer
 python-mapscript - Python library for MapServer
Closes: 734565
Changes: 
 mapserver (6.0.1-3.2+deb7u2) stable-proposed-updates; urgency=low
 .
   * Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
     msPostGISLayerSetTimeFilter function in mappostgis.c.
     (closes: #734565)




Reply sent to Salvatore Bonaccorso <carnil@debian.org>:
You have taken responsibility. (Sun, 12 Jan 2014 23:33:15 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Sun, 12 Jan 2014 23:33:15 GMT).


Message #61 received at 734565-close@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 734565-close@bugs.debian.org
Subject: Bug#734565: fixed in mapserver 5.6.5-2+squeeze3
Date: Sun, 12 Jan 2014 23:32:24 +0000

Source: mapserver
Source-Version: 5.6.5-2+squeeze3

We believe that the bug you reported is fixed in the latest version of
mapserver, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 734565@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <carnil@debian.org> (supplier of updated mapserver package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Fri, 10 Jan 2014 04:21:27 +0100
Source: mapserver
Binary: php5-mapscript perl-mapscript cgi-mapserver python-mapscript mapserver-bin mapserver-doc libmapscript-ruby libmapscript-ruby1.8 libmapscript-ruby1.9.1
Architecture: source all amd64
Version: 5.6.5-2+squeeze3
Distribution: oldstable-proposed-updates
Urgency: low
Maintainer: Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description: 
 cgi-mapserver - CGI executable for MapServer
 libmapscript-ruby - Ruby MapServer library
 libmapscript-ruby1.8 - Ruby MapServer library
 libmapscript-ruby1.9.1 - Ruby MapServer library
 mapserver-bin - MapServer utilities
 mapserver-doc - documentation for MapServer
 perl-mapscript - Perl MapServer library
 php5-mapscript - php5-cgi module for MapServer
 python-mapscript - Python library for MapServer
Closes: 734565
Changes: 
 mapserver (5.6.5-2+squeeze3) oldstable-proposed-updates; urgency=low
 .
   * Add patch to fix CVE-2013-7262, an SQL injection vulnerability in the
     msPostGISLayerSetTimeFilter function in mappostgis.c.
     (closes: #734565)
   * Remove debhelper log files to allow clean builds.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 11 Feb 2014 07:30:33 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 18:00:30 2019; Machine Name: buxtehude
