[Pkg-apache-commits] r941 - in /branches/lenny-apr-util: changelog patches/00list

sf at alioth.debian.org sf at alioth.debian.org
Thu Jun 4 18:23:01 UTC 2009


Author: sf
Date: Thu Jun  4 18:23:00 2009
New Revision: 941

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=941
Log:
security update

Modified:
    branches/lenny-apr-util/changelog
    branches/lenny-apr-util/patches/00list

Modified: branches/lenny-apr-util/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/changelog?rev=941&op=diff
==============================================================================
--- branches/lenny-apr-util/changelog (original)
+++ branches/lenny-apr-util/changelog Thu Jun  4 18:23:00 2009
@@ -1,3 +1,12 @@
+apr-util (1.2.12+dfsg-8+lenny2) stable-security; urgency=high
+
+  * CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
+    remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
+  * Fix DoS vulnerability (memory consumption) in handling of internal xml
+    entities.
+
+ -- Stefan Fritsch <sf at debian.org>  Wed, 03 Jun 2009 22:53:01 +0200
+
 apr-util (1.2.12+dfsg-8) unstable; urgency=low
 
   [ Ryan Niebur ]
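Review bot: The second bullet of the new 1.2.12+dfsg-8+lenny2 entry ("Fix DoS vulnerability (memory consumption) in handling of internal xml entities") carries no identifier, while the first bullet is keyed to CVE-2009-0023. For a stable-security upload with urgency=high, each fix should be traceable from the changelog alone. Add the CVE id to that bullet if one has been assigned, or at least name the patch that implements it (018_expat_entity_expansion.dpatch, per patches/00list). The same applies to the first bullet, which names the affected function apr_strmatch_precompile() but not the patch file.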

Modified: branches/lenny-apr-util/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/patches/00list?rev=941&op=diff
==============================================================================
--- branches/lenny-apr-util/patches/00list (original)
+++ branches/lenny-apr-util/patches/00list Thu Jun  4 18:23:00 2009
@@ -6,4 +6,6 @@
 014_apu_config_dont_list_indep_libs
 015_apr_brigade_partition_int_overflow.dpatch
 016_omit_mysql_from_APRUTIL_LDFLAGS.dpatch
+017_CVE-2009-0023.dpatch
+018_expat_entity_expansion.dpatch
 099_alternate_md4_md5_impl
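Review bot: The two added entries, 017_CVE-2009-0023.dpatch and 018_expat_entity_expansion.dpatch, point at files that this revision does not add. The Modified list for r941 contains only changelog and patches/00list. Confirm that both .dpatch files are already present in branches/lenny-apr-util/patches from another revision; otherwise patch application will fail at build time on the first missing file, and the security fixes described in the changelog will not ship. Placing them before 099_alternate_md4_md5_impl keeps the numeric ordering intact.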



