Description of problem: Newly released Mapserver 4.10.3 fixes two vulnerabilities which could be possibly exploited to conduct a Cross-Site Scripting attack against user who would follow a link to malicious site while visiting a mapserver site. Version-Release number of selected component (if applicable): mapserver-4.10.2-4.fc7 Additional info: See URL for upstream bug ticket and a patch. No CVE identifier is assigned to this issue yet.
A CVE name was requested.
Mitre assigned CVE-2007-4542 to this issue.
Fixed in devel and f7, updated pushed.
I try look/update to 4.10.3 ones tomorrow for Fedora / EPEL ones. I hadn't chance to read ChangeLog or the issue, but its solvable i think.
Lobo, BTW Oliver is not implied in GIS package maintainace only in the alpha port, i am only/lonely with the GIS/geography ones for RH/Fedora.
Cristian, Oliver volunteered to do the update while you were away. https://admin.fedoraproject.org/updates/pending/F7/mapserver-4.10.3-2.fc7
The version bump also solves bug #272081
mapserver-4.10.3-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.