apr: Security fix for CVE-2021-35940 - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Armin Kuster <akuster@mvista.com>	2021-09-10 20:00:01 -0700
committer	Steve Sakoman <steve@sakoman.com>	2021-09-24 04:27:46 -1000
commit	315262830bfe2bc8b2a9259541bb3a0bc83a2cdd (patch)
tree	af904bfe4e153c20c5c0b05d43b01f7d792ade55 /meta-skeleton
parent	7de5e19a668f268f0cc56617a9f5760054acb5f5 (diff)
download	openembedded-core-contrib-315262830bfe2bc8b2a9259541bb3a0bc83a2cdd.tar.gz

apr: Security fix for CVE-2021-35940

Source: https://dist.apache.org MR: 112793 Type: Security Fix Disposition: Backport from https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc Description: An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta-skeleton')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: