Name: CVE-2007-4629
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4629
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20070830
Category:
Reference: CONFIRM:http://mapserver.gis.umn.edu/download/current/HISTORY.TXT/
Reference: CONFIRM:http://trac.osgeo.org/mapserver/ticket/2252
Reference: FRSIRT:ADV-2007-2974
Reference: URL:http://www.frsirt.com/english/advisories/2007/2974

Buffer overflow in the processLine function in maptemplate.c in MapServer before 4.10.3 allows attackers to cause a denial of service and possibly execute arbitrary code via a mapfile with a long layer name, group name, or metadata entry name.
The fix for this was committed together with the fix for bug #256561, and an update is about to be pushed to stable.
mapserver-4.10.3-2.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.