apr: Security fix for CVE-2021-35940 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Armin Kuster <akuster@mvista.com>	2021-09-10 20:00:01 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-09-30 00:02:22 +0100
commit	eb3e28fa18a882982c6aaee9ac7a0090e746735d (patch)
tree	65d629d0b0576ad87879c9d40208889ea69f15bf /scripts/lib/devtool
parent	60383990481408e0b4c131102aa9e2905ac5d1d1 (diff)
download	poky-eb3e28fa18a882982c6aaee9ac7a0090e746735d.tar.gz

apr: Security fix for CVE-2021-35940

Source: https://dist.apache.org MR: 112793 Type: Security Fix Disposition: Backport from https://dist.apache.org/repos/dist/release/apr/patches/apr-1.7.0-CVE-2021-35940.patch ChangeID: c8247210204ffcc7d1425e3d60f077ad3dd54ebc Description: An out-of-bounds array read in the apr_time_exp*() functions was fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue was not carried forward to the APR 1.7.x branch, and hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to the same issue. (From OE-Core rev: 315262830bfe2bc8b2a9259541bb3a0bc83a2cdd) Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/devtool')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: