apr: Security fix for CVE-2021-35940 - linux/poky.git - Mirror of git.yoctoproject.org/poky

index : linux/poky.git

Mirror of git.yoctoproject.org/poky

N/A

summary refs log tree commit diff stats

path: root/scripts/lib/build_perf/scrape-html-report.js

diff options

author	Armin Kuster <akuster808@gmail.com>	2021-09-10 19:59:17 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-17 21:31:37 +0100
commit	37c55c0e3b6265e0bf2c79dada6ea92bae88b42c (patch)
tree	6cdf3316217a29fba3cca35a6c139c7d86c2995d /scripts/lib/build_perf/scrape-html-report.js
parent	a5e9dd4bc60fe7faf9909927b2cc2b572667dc13 (diff)
download	poky-37c55c0e3b6265e0bf2c79dada6ea92bae88b42c.tar.gz

apr: Security fix for CVE-2021-35940

An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (From OE-Core rev: 2b1a8731359d990b3a8eec6403d689144a516207) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit d52b78c75323fb254b5d0216f9183573b353abd3) Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/build_perf/scrape-html-report.js')

0 files changed, 0 insertions, 0 deletions