Version in base suite: 8.4.0-4+deb13u1
Base version: mapserver_8.4.0-4+deb13u1
Target version: mapserver_8.4.0-4+deb13u2
Base file: /srv/ftp-master.debian.org/ftp/pool/main/m/mapserver/mapserver_8.4.0-4+deb13u1.dsc
Target file: /srv/ftp-master.debian.org/policy/pool/main/m/mapserver/mapserver_8.4.0-4+deb13u2.dsc
 changelog | 9 +++++++++
 patches/CVE-2026-33721.patch | 29 +++++++++++++++++++++++++++++
 patches/series | 1 +
 salsa-ci.yml | 9 +++++++++
 4 files changed, 48 insertions(+)
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpgc0t6av9/mapserver_8.4.0-4+deb13u1.dsc: no acceptable signature found
dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpgc0t6av9/mapserver_8.4.0-4+deb13u2.dsc: no acceptable signature found
diff -Nru mapserver-8.4.0/debian/changelog mapserver-8.4.0/debian/changelog
--- mapserver-8.4.0/debian/changelog 2025-09-21 22:31:40.000000000 +0000
+++ mapserver-8.4.0/debian/changelog 2026-05-03 13:37:57.000000000 +0000
@@ -1,3 +1,12 @@
+mapserver (8.4.0-4+deb13u2) trixie; urgency=high
+
+ * Non-maintainer upload.
+ * Fix CVE-2026-33721: Heap buffer overflow in SLD `Categorize` Threshold
+ parsing.
+ * Add d/salsa-ci.yml for Salsa CI.
+
+ -- Guilhem Moulin Sun, 03 May 2026 15:37:57 +0200
+
 mapserver (8.4.0-4+deb13u1) trixie; urgency=medium
 
 * Update branch in gbp.conf & Vcs-Git URL.
diff -Nru mapserver-8.4.0/debian/patches/CVE-2026-33721.patch mapserver-8.4.0/debian/patches/CVE-2026-33721.patch
--- mapserver-8.4.0/debian/patches/CVE-2026-33721.patch 1970-01-01 00:00:00.000000000 +0000
+++ mapserver-8.4.0/debian/patches/CVE-2026-33721.patch 2026-05-03 13:37:57.000000000 +0000
@@ -0,0 +1,29 @@
+From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com>
+Date: Mon, 23 Mar 2026 12:30:09 -0300
+Subject: msSLDParseRasterSymbolizer(): fix potential heap buffer overflow
+
+Credits to Trail of Bits and Anthropic for reporting and patch
+suggestion
+
+Co-authored-by: Even Rouault
+Origin: https://github.com/MapServer/MapServer/commit/fb08dad4afee081b81c57ca0c5d37c149e7755f9
+Bug: https://github.com/MapServer/MapServer/security/advisories/GHSA-cv4m-mr84-fgjp
+Bug: https://github.com/MapServer/MapServer/pull/7461
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2026-33721
+---
+ src/mapogcsld.cpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/mapogcsld.cpp b/src/mapogcsld.cpp
+index 15ca80d..4c5ed64 100644
+--- a/src/mapogcsld.cpp
++++ b/src/mapogcsld.cpp
+@@ -2894,7 +2894,7 @@ int msSLDParseRasterSymbolizer(CPLXMLNode *psRoot, layerObj *psLayer,
+ } else if (strcasecmp(psNode->pszValue, "Threshold") == 0) {
+ papszThresholds[nThresholds] = psNode->psChild->pszValue;
+ nThresholds++;
+- if (nValues == nMaxThreshold) {
++ if (nThresholds == nMaxThreshold) {
+ nMaxThreshold += 100;
+ papszThresholds = (char **)msSmallRealloc(
+ papszThresholds, sizeof(char *) * nMaxThreshold);
diff -Nru mapserver-8.4.0/debian/patches/series mapserver-8.4.0/debian/patches/series
--- mapserver-8.4.0/debian/patches/series 2025-09-21 22:31:40.000000000 +0000
+++ mapserver-8.4.0/debian/patches/series 2026-05-03 13:37:57.000000000 +0000
@@ -2,3 +2,4 @@
 java-hardening.patch
 icu.patch
 CVE-2025-59431.patch
+CVE-2026-33721.patch
diff -Nru mapserver-8.4.0/debian/salsa-ci.yml mapserver-8.4.0/debian/salsa-ci.yml
--- mapserver-8.4.0/debian/salsa-ci.yml 1970-01-01 00:00:00.000000000 +0000
+++ mapserver-8.4.0/debian/salsa-ci.yml 2026-05-03 13:37:57.000000000 +0000
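Review bot: The store `papszThresholds[nThresholds] = psNode->psChild->pszValue;` still runs before the capacity check, so the corrected guard `if (nThresholds == nMaxThreshold)` is the only thing keeping that slot in bounds: growth by 100 must happen the moment the count reaches the capacity, which is sound only if the initial allocation is already nMaxThreshold entries (that allocation is outside this hunk, so confirm it in the backported tree). A one-line comment on the store would make the invariant explicit for the next reader, e.g. `/* slot nThresholds is valid: the array is grown as soon as nThresholds reaches nMaxThreshold */`. Separately, `psNode->psChild` is dereferenced without a NULL check; if an empty `<Threshold/>` element yields no child node this becomes a NULL dereference rather than an overflow — not verifiable from the hunk, worth checking against the CPLXMLNode contract. The enclosing msSLDParseRasterSymbolizer() starts and ends outside the hunk.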
@@ -0,0 +1,9 @@
+---
+include:
+ - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml
+
+variables:
+ RELEASE: 'trixie'
+ SALSA_CI_DISABLE_LINTIAN: 1
+ SALSA_CI_DISABLE_REPROTEST: 1
+ SALSA_CI_DISABLE_BLHC: 1