This bug was fixed in the package mapserver - 5.0.0-3ubuntu0.1
---------------
mapserver (5.0.0-3ubuntu0.1) hardy-security; urgency=low

* SECURITY UPDATE: stack-based buffer overflow (LP: #398814)
- debian/patches/01_CVE-2009-0839.dpatch: Apply a regex pattern to limit an id's value.
- CVE-2009-0839
* SECURITY UPDATE: heap-based buffer underflow (LP: #398814)
- debian/patches/02_CVE-2009-840-CVE-2009-2281.dpatch: Add validation for a post request and the content-length.
- CVE-2009-0840, CVE-2009-2281
* SECURITY UPDATE: relative file path writing (LP: #398814)
- debian/patches/03_CVE-2009-0841.dpatch: Limit the buffer size.
- CVE-2009-0841
* SECURITY UPDATE: file data leakage (LP: #398814)
- debian/patches/04_CVE-2009-0842.dpatch: Set MAP/SYMBOLSET tag as mandatory.
- CVE-2009-0842
* SECURITY UPDATE: file existence leakage (LP: #398814)
- debian/patches/05_CVE-2009-0843.dpatch: Add regex validation for the file extension.
- CVE-2009-0843
* SECURITY UPDATE: paths specified in url vulnerabilities.
- debian/patches/06_urlpath.dpatch: Disable the variable overwriting from URL of a few variables.
- [http://trac.osgeo.org/mapserver/ticket/1836]

-- Alan Boudreault <email address hidden> Tue, 18 Aug 2009 09:42:23 -0400