Bug#992843: bullseye-pu: package apr/1.7.0-6+deb11u1

To: Yadd <yadd@debian.org>, 992843@bugs.debian.org
Subject: Bug#992843: bullseye-pu: package apr/1.7.0-6+deb11u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Sat, 04 Sep 2021 15:13:14 +0100
Message-id: <[🔎] 8234445780761f1c97b65cc9ccde4242cbb22782.camel@adam-barratt.org.uk>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 992843@bugs.debian.org
In-reply-to: <162978991900.2515740.14866271499071600088.reportbug@deb007.xnr.fr>
References: <162978991900.2515740.14866271499071600088.reportbug@deb007.xnr.fr> <162978991900.2515740.14866271499071600088.reportbug@deb007.xnr.fr>

Control: tags -1 + confirmed

On Tue, 2021-08-24 at 09:25 +0200, Yadd wrote:
> An out-of-bounds array read in the apr_time_exp*() functions was
> fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613).
> The fix for this issue was not carried forward to the APR 1.7.x
> branch, and hence version 1.7.0 regressed compared to 1.6.3 and is
> vulnerable to the same issue.
> 

Please go ahead.

Regards,

Adam

Reply to:

Prev by Date: Bug#992836: bullseye-pu: package termshark/2.2.0-1+deb11u1
Next by Date: Processed: Re: Bug#992843: bullseye-pu: package apr/1.7.0-6+deb11u1
Previous by thread: Bug#992836: bullseye-pu: package termshark/2.2.0-1+deb11u1
Next by thread: Processed: Re: Bug#992843: bullseye-pu: package apr/1.7.0-6+deb11u1
Index(es):
- Date
- Thread