Candidate: CVE-2016-9839
PublicDate: 2016-12-08 08:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9839
 https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
 https://github.com/mapserver/mapserver/pull/4928
 https://github.com/mapserver/mapserver/pull/5356
Description:
 In MapServer before 7.0.3, OGR driver error messages are too verbose and
 may leak sensitive information if data connection fails.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_mapserver:
upstream_mapserver: released (7.0.3-1)
precise_mapserver: ignored (reached end-of-life)
precise/esm_mapserver: DNE (precise was needed)
trusty_mapserver: released (6.4.1-2ubuntu0.1)
trusty/esm_mapserver: DNE (trusty was released [6.4.1-2ubuntu0.1])
vivid/stable-phone-overlay_mapserver: DNE
vivid/ubuntu-core_mapserver: DNE
xenial_mapserver: released (7.0.0-9ubuntu3.1)
yakkety_mapserver: ignored (reached end-of-life)
zesty_mapserver: ignored (reached end-of-life)
artful_mapserver: ignored (reached end-of-life)
bionic_mapserver: not-affected (7.0.3-1)
cosmic_mapserver: not-affected (7.0.3-1)
devel_mapserver: not-affected (7.0.3-1)