diff options
author | Armin Kuster <akuster@mvista.com> | 2021-09-10 20:00:01 -0700 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2021-09-24 04:27:46 -1000 |
commit | 315262830bfe2bc8b2a9259541bb3a0bc83a2cdd (patch) | |
tree | af904bfe4e153c20c5c0b05d43b01f7d792ade55 /meta-selftest | |
parent | 7de5e19a668f268f0cc56617a9f5760054acb5f5 (diff) | |
download | openembedded-core-contrib-315262830bfe2bc8b2a9259541bb3a0bc83a2cdd.tar.gz |
apr: Security fix for CVE-2021-35940
Source: https://dist.apache.org
MR: 112793
Type: Security Fix
Disposition: Backport from https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc
Description:
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta-selftest')
0 files changed, 0 insertions, 0 deletions