]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 5aae9c2) | patch
apr: Security fix for CVE-2021-35940
authorArmin Kuster <akuster808@gmail.com>
Sat, 11 Sep 2021 02:59:17 +0000 (19:59 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 11 Sep 2021 21:36:27 +0000 (22:36 +0100)
commitd52b78c75323fb254b5d0216f9183573b353abd3
treeed4235e06362a67aaab8614077cfb85bcfe501b4tree | snapshot
parent5aae9c2cb464350bc443a0f60fd6602942e61f46commit | diff
apr: Security fix for CVE-2021-35940

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed
compared to 1.6.3 and is vulnerable to the same issue.

Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-support/apr/apr/CVE-2021-35940.patch [new file with mode: 0644] blob
meta/recipes-support/apr/apr_1.7.0.bb diff | blob | history
Mirror of the official openembedded-core repository