Opened 15 months ago
Closed 15 months ago
#17583 closed enhancement (fixed)
apr-util-1.6.3
| Reported by: | Douglas R. Reno | Owned by: | Tim Tassonis |
|---|---|---|---|
| Priority: | elevated | Milestone: | 11.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description
New point version
Contains a security fix for the apr_base64 series of functions. It's an out-of-bounds write similar to apr (#17582)
Change History (5)
comment:1 by , 15 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:2 by , 15 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
comment:3 by , 15 months ago
| Resolution: | fixed |
|---|---|
| Status: | closed → reopened |
| Summary: | apr-util-1.6.2 → apr-util-1.6.3 |
Now version 1.6.3.
comment:4 by , 15 months ago
Changes with APR-util 1.6.2
*) SECURITY: CVE-2022-25147 (cve.mitre.org)
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer.
*) Teach configure how to find and build against MariaDB 10.2. PR 61517
[Kris Karas <bugs-a17 moonlit-rail.com>]
*) apr_crypto_commoncrypto: Remove stray reference to -lcrypto that
prevented commoncrypto being enabled. [Graham Leggett]
*) Add --tag=CC to libtool invocations. PR 62640. [Michael Osipov]
*) apr_dbm_gdbm: Fix handling of error codes. This makes gdbm 1.14 work.
apr_dbm_gdbm will now also return error codes starting with APR_OS_START_USEERR, as apr_dbm_berkleydb does, instead of always returning APR_EGENERAL. [Stefan Fritsch]
comment:5 by , 15 months ago
| Resolution: | → fixed |
|---|---|
| Status: | reopened → closed |
Fixed in commit 134d869f9c
Fixed in commit 940d6093e2.