Candidate: CVE-2013-7262
PublicDate: 2014-01-05 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7262
 https://github.com/mapserver/mapserver/issues/4834
 https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
 http://www.mapserver.org/development/changelog/changelog-6-4.html#changelog-6-4-1
Description:
 SQL injection vulnerability in the msPostGISLayerSetTimeFilter function in
 mappostgis.c in MapServer before 6.4.1, when a WMS-Time service is used,
 allows remote attackers to execute arbitrary SQL commands via a crafted
 string in a PostGIS TIME filter.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/mapserver/+bug/1267616
 https://github.com/mapserver/mapserver/issues/4834
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mapserver:
 upstream: https://github.com/mapserver/mapserver/commit/3a10f6b829297dae63492a8c63385044bc6953ed
upstream_mapserver: released (6.4.1)
lucid_mapserver: ignored (reached end-of-life)
precise_mapserver: released (6.0.1-2ubuntu1.1)
quantal_mapserver: released (6.0.1-3.2ubuntu0.12.10.1)
raring_mapserver: released (6.0.1-3.2ubuntu0.13.04.1)
saucy_mapserver: released (6.2.1-3ubuntu0.1)
devel_mapserver: not-affected (6.4.1-1)