MapServer upstream during security audit of MapServer v5.6 identified that some of the mapserv CGI command-line debug arguments constitute a security risk that could potentially be exploited. These arguments should be used only by developers that use those command-line arguments to debug and test the software. References: [1] http://trac.osgeo.org/mapserver/ticket/3485 Upstream patch (against 5-4 SVN branch): [2] http://trac.osgeo.org/mapserver/changeset/10314 Upstream patch (against trunk): [3] http://trac.osgeo.org/mapserver/changeset/10319
This issue affects the versions of the mapserver package, as shipped with Fedora release of 12 and 13. Please fix.
Created mapserver tracking bugs for this issue Affects: fedora-all [bug 617314]