Opened 2 years ago

Closed 2 years ago

#17583 closed enhancement (fixed)

apr-util-1.6.3

Reported by: Douglas R. Reno Owned by: Tim Tassonis
Priority: elevated Milestone: 11.3
Component: BOOK Version: git
Severity: normal Keywords:
Cc:

Description

New point version

Contains a security fix for the apr_base64 series of functions. It's an out-of-bounds write similar to apr (#17582)

Change History (5)

comment:1 by Tim Tassonis, 2 years ago

Owner: changed from blfs-book to Tim Tassonis
Status: newassigned

comment:2 by Tim Tassonis, 2 years ago

Resolution: fixed
Status: assignedclosed

Fixed in commit 940d6093e2.

comment:3 by Bruce Dubbs, 2 years ago

Resolution: fixed
Status: closedreopened
Summary: apr-util-1.6.2apr-util-1.6.3

Now version 1.6.3.

comment:4 by Tim Tassonis, 2 years ago

Changes with APR-util 1.6.2

*) SECURITY: CVE-2022-25147 (cve.mitre.org)

Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.

*) Teach configure how to find and build against MariaDB 10.2. PR 61517

[Kris Karas <bugs-a17 moonlit-rail.com>]

*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that

prevented commoncrypto being enabled. [Graham Leggett]

*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]

*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.

apr_dbm_gdbm will now also return error codes starting with APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always returning APR_EGENERAL. [Stefan Fritsch]

comment:5 by Tim Tassonis, 2 years ago

Resolution: fixed
Status: reopenedclosed

Fixed in commit 134d869f9c

Note: See TracTickets for help on using tickets.