Red Hat Bugzilla – Bug 256561
CVE-2007-4542 Multiple XSS vulnerabilities in mapserver's CGI interface
Last modified: 2007-11-30 17:12:14 EST
Description of problem:
Newly released Mapserver 4.10.3 fixes two vulnerabilities which could be
possibly exploited to conduct a Cross-Site Scripting attack against user who
would follow a link to malicious site while visiting a mapserver site.
Version-Release number of selected component (if applicable):
See URL for upstream bug ticket and a patch. No CVE identifier is assigned to
this issue yet.
A CVE name was requested.
Mitre assigned CVE-2007-4542 to this issue.
Fixed in devel and f7, updated pushed.
I try look/update to 4.10.3 ones tomorrow for Fedora / EPEL ones.
I hadn't chance to read ChangeLog or the issue, but its solvable i think.
Lobo, BTW Oliver is not implied in GIS package maintainace only in the alpha
port, i am only/lonely with the GIS/geography ones for RH/Fedora.
Cristian, Oliver volunteered to do the update while you were away.
The version bump also solves bug #272081
mapserver-4.10.3-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.