[go: up one dir, main page]

Debian Bug report logs - #989363
mapcache: Multiple security issues in ezxml

Package: src:mapcache; Maintainer for src:mapcache is Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>;

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Tue, 1 Jun 2021 19:57:08 UTC

Severity: important

Tags: security, upstream, wontfix

Done: Sebastiaan Couwenberg <sebastic@xs4all.nl>

Bug is archived. No further changes may be made.

Forwarded to https://github.com/MapServer/mapcache/issues/267

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>:
Bug#989363; Package src:mapcache. (Tue, 01 Jun 2021 19:57:11 GMT) (full text, mbox, link).

Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Debian GIS Project <pkg-grass-devel@lists.alioth.debian.org>. (Tue, 01 Jun 2021 19:57:11 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mapcache: Multiple security issues in ezxml
Date: Tue, 01 Jun 2021 21:55:33 +0200
Source: mapcache
Severity: important
Tags: security
X-Debbugs-Cc: Debian Security Team <team@security.debian.org>

Multiple security issues were found in ezxml, which mapcache bundles:

CVE-2021-31598:
https://sourceforge.net/p/ezxml/bugs/28/

CVE-2021-31348 / CVE-2021-31347:
https://sourceforge.net/p/ezxml/bugs/27/

CVE-2021-31229:
https://sourceforge.net/p/ezxml/bugs/26/

CVE-2021-30485:
https://sourceforge.net/p/ezxml/bugs/25/

CVE-2021-26222:
https://sourceforge.net/p/ezxml/bugs/22/

CVE-2021-26221:
https://sourceforge.net/p/ezxml/bugs/21/

CVE-2021-26220:
https://sourceforge.net/p/ezxml/bugs/23/

CVE-2019-20202:
https://sourceforge.net/p/ezxml/bugs/17

CVE-2019-20201
https://sourceforge.net/p/ezxml/bugs/16

CVE-2019-20200:
https://sourceforge.net/p/ezxml/bugs/19

CVE-2019-20199:
https://sourceforge.net/p/ezxml/bugs/18

CVE-2019-20198:
https://sourceforge.net/p/ezxml/bugs/20

CVE-2019-20007:
https://sourceforge.net/p/ezxml/bugs/13

CVE-2019-20006:
https://sourceforge.net/p/ezxml/bugs/15

CVE-2019-20005:
https://sourceforge.net/p/ezxml/bugs/14
			



-- System Information:
Debian Release: 11.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Added tag(s) upstream. Request was from Bas Couwenberg <sebastic@debian.org> to control@bugs.debian.org. (Sun, 03 Oct 2021 10:39:03 GMT) (full text, mbox, link).

Set Bug forwarded-to-address to 'https://github.com/MapServer/mapcache/issues/267'. Request was from Bas Couwenberg <sebastic@debian.org> to control@bugs.debian.org. (Sun, 03 Oct 2021 10:39:03 GMT) (full text, mbox, link).

Added tag(s) wontfix. Request was from Sebastiaan Couwenberg <sebastic@xs4all.nl> to control@bugs.debian.org. (Tue, 11 Mar 2025 07:03:03 GMT) (full text, mbox, link).

Reply sent to Sebastiaan Couwenberg <sebastic@xs4all.nl>:
You have taken responsibility. (Tue, 11 Mar 2025 07:03:05 GMT) (full text, mbox, link).

Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Tue, 11 Mar 2025 07:03:05 GMT) (full text, mbox, link).

Message #16 received at 989363-done@bugs.debian.org (full text, mbox, reply):

From: Sebastiaan Couwenberg <sebastic@xs4all.nl>
To: 989363-done@bugs.debian.org, 1014389-done@bugs.debian.org
Subject: mapcache issues
Date: Tue, 11 Mar 2025 08:01:21 +0100
tags 989363 wontfix
tags 1014389 wontfix
thanks

These are not issues that will be fixed by the package maintainer.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 08 Apr 2025 07:27:03 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Tue Oct 14 23:31:02 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.