Candidate: CVE-2017-5522
PublicDate: 2017-03-15 16:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5522
 https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
 https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
Description:
 Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before 6.2.4,
 6.4.x before 6.4.5, and 7.0.x before 7.0.4 allows remote attackers to cause
 a denial of service (crash) or execute arbitrary code via vectors involving
 WFS get feature requests.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_mapserver:
upstream_mapserver: released (7.0.4-1)
precise_mapserver: ignored (reached end-of-life)
precise/esm_mapserver: DNE (precise was needs-triage)
trusty_mapserver: released (6.4.1-2ubuntu0.1)
trusty/esm_mapserver: DNE (trusty was released [6.4.1-2ubuntu0.1])
vivid/stable-phone-overlay_mapserver: DNE
vivid/ubuntu-core_mapserver: DNE
xenial_mapserver: released (7.0.0-9ubuntu3.1)
yakkety_mapserver: ignored (reached end-of-life)
zesty_mapserver: not-affected (7.0.4-2)
artful_mapserver: not-affected (7.0.4-2)
bionic_mapserver: not-affected (7.0.4-2)
cosmic_mapserver: not-affected (7.0.4-2)
devel_mapserver: not-affected (7.0.4-2)