Change logs for apr-util source package in Hardy

  • apr-util (1.2.12+dfsg-3ubuntu0.3) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service via memory leak in
        apr_brigade_split_line function.
        - debian/patches/021_CVE-2010-1623.dpatch: properly destroy bucket in
          buckets/apr_brigade.c.
        - CVE-2010-1623
    
     -- Marc Deslauriers <email address hidden>   Thu, 18 Nov 2010 09:48:13 -0500
  • apr-util (1.2.12+dfsg-3ubuntu0.2) hardy-security; urgency=low
    
      * SECURITY UPDATE: fix integer overflow in libaprutil
        - debian/patches/020_CVE-2009-2412.patch: adjust apr_rmm_malloc,
          apr_rmm_calloc, apr_rmm_realloc to check for overflow after aligning
          size
        - http://www.apache.org/dist/apr/patches/apr-util-1.x-CVE-2009-2412.patch
        - CVE-2009-2412
    
     -- Jamie Strandboge <email address hidden>   Fri, 07 Aug 2009 12:28:25 -0500
  • apr-util (1.2.12+dfsg-3ubuntu0.1) hardy-security; urgency=low
    
      * SECURITY UPDATE: Fix underflow in apr_strmatch_precompile
        - debian/patches/017_CVE-2009-0023.dpatch: adjust strmatch/apr_strmatch.c
          to properly evaluate strings as unsigned char rather than int
        - CVE-2009-0023
      * SECURITY UPDATE: Prevent "billion laughs" attack against expat
        - debian/patches/018_CVE-2009-1955.dpatch: adjust xml/apr_xml.c to disable
          internal entity expansion. Also add test case to the internal test
          suite
        - CVE-2009-1955
      * SECURITY UPDATE: Fix off-by-one overflow in apr_brigade_vprintf
        - debian/patches/019_CVE-2009-1956.dpatch: don't add null terminator to
          vd.vbuff.curpos in buckets/apr_brigade.c
        - CVE-2009-1956
    
     -- Jamie Strandboge <email address hidden>   Tue, 09 Jun 2009 11:47:52 -0500
  • apr-util (1.2.12+dfsg-3) unstable; urgency=medium
    
      * Fix integer overflow in apr_brigade_partition on 32bit systems.  Urgency
        medium because this made apache segfault when resuming a file larger than
        4GB.
      * Point VCS tags in debian control to trunk, to make them useful with
        debcheckout.
    
     -- Daniel Hahler <email address hidden>   Fri,  04 Apr 2008 11:32:19 +0100
  • apr-util (1.2.12+dfsg-2build1) hardy; urgency=low
    
      * No-change rebuild against libldap-2.4-2.
    
     -- Steve Langasek <email address hidden>   Wed, 23 Jan 2008 11:48:58 +0000
  • apr-util (1.2.12+dfsg-2) unstable; urgency=low
    
      * Build-Depend on libdb4.6-dev instead of libdb-dev >= 4.6, as the latter
        causes problems with sbuild.
      * Change server in watch file since www.eu.apache.org is unreliable.
    
    apr-util (1.2.12+dfsg-1) unstable; urgency=low
    
      [ Stefan Fritsch ]
      * New upstream version (Closes: #447146)
      * Fix debian/rules clean
      * Don't ship .svn directories. (Closes: #431508)
      * Fix some lintian warnings:
        - Use ${binary:Version} instead of ${Source-Version}.
        - Bump standards-version to 3.7.3 (no changes).
        - Remove empty /usr/share/doc/libapr1.0/.
        - Don't ignore make clean errors.
      * Add myself to Uploaders.
      * Add Vcs info and homepage to debian/control.
      * Change handling of CFLAGS in debian/rules so that they are actually used.
        Fixes DEB_BUILD_OPTIONS=debug.
    
      [ Tollef Fog Heen ]
      * Make libaprutil1-dbg Priority: extra to match overrides.
    
      [ Peter Samuelson ]
      * Compile with db 4.6.  (Closes: #422465, #429025)
      * Add watch file.
    
     -- Martin Pitt <email address hidden>   Tue,  15 Jan 2008 11:24:40 +0000
  • apr-util (1.2.7+dfsg-2ubuntu1) hardy; urgency=low
    
      * debian/control: libdb 4.4 -> 4.6. (Debian #422465)
      * Modify Maintainer value to match the DebianMaintainerField
        specification.
    
     -- Martin Pitt <email address hidden>   Wed, 02 Jan 2008 17:29:07 +0100
  • apr-util (1.2.7+dfsg-2build1) feisty; urgency=low
    
      * No-change upload for the libpq4->libpq5 transition.
    
     -- Martin Pitt <email address hidden>   Tue,  9 Jan 2007 10:37:19 +0100