code.ossystems Code Review - openembedded-core.git/commit

author	Armin Kuster <akuster@mvista.com>
	Sat, 11 Sep 2021 03:00:01 +0000 (20:00 -0700)
committer	Steve Sakoman <steve@sakoman.com>
	Fri, 24 Sep 2021 14:27:46 +0000 (04:27 -1000)
commit	315262830bfe2bc8b2a9259541bb3a0bc83a2cdd
tree	af904bfe4e153c20c5c0b05d43b01f7d792ade55	tree \| snapshot
parent	7de5e19a668f268f0cc56617a9f5760054acb5f5	commit \| diff

apr: Security fix for CVE-2021-35940

Source: https://dist.apache.org
MR: 112793
Type: Security Fix
Disposition: Backport from https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch
ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc
Description:

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-support/apr/apr/CVE-2021-35940.patch	[new file with mode: 0644]	blob
meta/recipes-support/apr/apr_1.7.0.bb		diff \| blob \| history