CVE-2021-32062

Debian Bug report logs - #988208
CVE-2021-32062

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Fri, 7 May 2021 19:18:01 UTC

Severity: grave

Tags: security, upstream

Found in versions mapserver/7.2.2-1, mapserver/7.6.2-1

Fixed in version mapserver/7.6.3-1~exp1

Fix blocked by 988224: unblock: mapserver/7.6.2-2 (pre-approval), 988225: buster-pu: package mapserver/7.2.2-1+deb10u1

Forwarded to https://github.com/mapserver/mapserver/issues/6313


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#988208; Package src:mapserver. (Fri, 07 May 2021 19:18:03 GMT).


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Fri, 07 May 2021 19:18:03 GMT).


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2021-32062
Date: Fri, 07 May 2021 21:14:27 +0200
Source: mapserver
Severity: grave
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

CVE-2021-32062:
https://github.com/mapserver/mapserver/issues/6313
https://github.com/MapServer/MapServer/pull/6314

Patch for branch-7-6:
https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 

Cheers,
        Moritz	



Added tag(s) upstream. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 May 2021 19:48:02 GMT).


Set Bug forwarded-to-address to 'https://github.com/mapserver/mapserver/issues/6313'. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 May 2021 19:48:03 GMT).


Marked as found in versions mapserver/7.6.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 May 2021 19:48:03 GMT).


Marked as fixed in versions mapserver/7.6.3-1~exp1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 May 2021 19:48:04 GMT).


Marked as found in versions mapserver/7.2.2-1. Request was from Salvatore Bonaccorso <carnil@debian.org> to control@bugs.debian.org. (Fri, 07 May 2021 19:48:04 GMT).


Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#988208; Package src:mapserver. (Sat, 08 May 2021 04:51:03 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Sat, 08 May 2021 04:51:03 GMT).


Message #20 received at 988208@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 988208@bugs.debian.org
Subject: Re: Bug#988208: CVE-2021-32062
Date: Sat, 8 May 2021 06:41:30 +0200

On 5/7/21 9:14 PM, Moritz Muehlenhoff wrote:
> Patch for branch-7-6:
> https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 

That does not apply cleanly on 7.6.2 in bullseye, due to the changes in:

 https://github.com/MapServer/MapServer/commit/b128dace3ec3e61bf063f7285d1279e9f9fd9e28

We'll need to include both in the update for bullseye, or hack the patch
to make it apply without those changes which I'm not very confident in.

I'm not sure if the release team will accept the additional changes
though, for both the bullseye unblock and buster pu.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Information forwarded to debian-bugs-dist@lists.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#988208; Package src:mapserver. (Sat, 08 May 2021 06:18:03 GMT).


Acknowledgement sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>, 988208@bugs.debian.org:
Extra info received and forwarded to list. Copy sent to Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Sat, 08 May 2021 06:18:03 GMT).


Message #25 received at 988208@bugs.debian.org:

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: Moritz Muehlenhoff <jmm@debian.org>, 988208@bugs.debian.org
Subject: Re: Bug#988208: CVE-2021-32062
Date: Sat, 8 May 2021 08:15:53 +0200
Control: block -1 by 988224 988225

On 5/8/21 6:41 AM, Sebastiaan Couwenberg wrote:
> On 5/7/21 9:14 PM, Moritz Muehlenhoff wrote:
>> Patch for branch-7-6:
>> https://github.com/mapserver/mapserver/commit/927ac97cb9ece305306b5ab2b5600d3afe8c1732 
> 
> That does not apply cleanly on 7.6.2 in bullseye, due to the changes in:
> 
>  https://github.com/MapServer/MapServer/commit/b128dace3ec3e61bf063f7285d1279e9f9fd9e28
> 
> We'll need to include both in the update for bullseye, or hack the patch
> to make it apply without those changes which I'm not very confident in.
> 
> I'm not sure if the release team will accept the additional changes
> though, for both the bullseye unblock and buster pu.

The unblock for bullseye is requested in #988224 with both upstream
commits as patches.

The same changes have been applied for 7.2 in buster, pu #988225.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1



Added blocking bug(s) of 988208: 988225 and 988224 Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to 988208-submit@bugs.debian.org. (Sat, 08 May 2021 06:18:03 GMT).


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat May 8 12:43:18 2021; Machine Name: bembo