[Pkg-apache-commits] r941 - in /branches/lenny-apr-util: changelog patches/00list
sf at alioth.debian.org
Thu Jun 4 18:23:01 UTC 2009
Author: sf
Date: Thu Jun 4 18:23:00 2009
New Revision: 941
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=941
Log:
security update
Modified:
branches/lenny-apr-util/changelog
branches/lenny-apr-util/patches/00list
Modified: branches/lenny-apr-util/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/changelog?rev=941&op=diff
==============================================================================
--- branches/lenny-apr-util/changelog (original)
+++ branches/lenny-apr-util/changelog Thu Jun 4 18:23:00 2009
@@ -1,3 +1,12 @@
+apr-util (1.2.12+dfsg-8+lenny2) stable-security; urgency=high
+
+ * CVE-2009-0023: Fix underflow in apr_strmatch_precompile() which causes
+ remotely exploitable DoS vulnerabilities in mod_dav_svn and libapreq2.
+ * Fix DoS vulnerability (memory consumption) in handling of internal xml
+ entities.
+
+ -- Stefan Fritsch <sf at debian.org> Wed, 03 Jun 2009 22:53:01 +0200
+
apr-util (1.2.12+dfsg-8) unstable; urgency=low
[ Ryan Niebur ]
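Review bot: the second changelog bullet ("Fix DoS vulnerability (memory consumption) in handling of internal xml entities") carries no CVE identifier or bug reference, unlike the CVE-2009-0023 entry above it, so a reader of a stable-security upload cannot map it to an advisory. Add the identifier if one has been assigned, or a bug number otherwise, and consider naming the patch that implements each fix (017_CVE-2009-0023.dpatch, 018_expat_entity_expansion.dpatch) so the changelog can be traced to the patch series. Minor style point: "xml" should be written "XML".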
Modified: branches/lenny-apr-util/patches/00list
URL: http://svn.debian.org/wsvn/pkg-apache/branches/lenny-apr-util/patches/00list?rev=941&op=diff
==============================================================================
--- branches/lenny-apr-util/patches/00list (original)
+++ branches/lenny-apr-util/patches/00list Thu Jun 4 18:23:00 2009
@@ -6,4 +6,6 @@
014_apu_config_dont_list_indep_libs
015_apr_brigade_partition_int_overflow.dpatch
016_omit_mysql_from_APRUTIL_LDFLAGS.dpatch
+017_CVE-2009-0023.dpatch
+018_expat_entity_expansion.dpatch
099_alternate_md4_md5_impl
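Review bot: the two new 00list entries, 017_CVE-2009-0023.dpatch and 018_expat_entity_expansion.dpatch, name patch files that are not among the files modified in r941, which lists only changelog and patches/00list. If those files were not committed in an earlier revision, the series will reference patches that do not exist in the branch and the build will fail when applying them. Confirm that both .dpatch files are in branches/lenny-apr-util/patches/, or add them in the same commit as the list change so the revision is self-consistent.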