-
apr (1.3.8-1ubuntu0.3) lucid-security; urgency=low
* SECURITY UPDATE: denial of service in apr_fnmatch exploitable via
apache's mod_index
- debian/patches/028_fnmatch_CVE-2011-0419.dpatch: rewrite
apr_fnmatch to have a better time bounds on execution.
- CVE-2011-0419
- debian/patches/029_fnmatch_CVE-2011-1928.dpatch: fix possible
DoS introduced by patch for CVE-2011-0419.
- CVE-2011-1928
* debian/patches/030_thumb2.dpatch; backport disabling process shared
mutexes on arm to fix build hang (LP: #599874)
-- Steve Beattie <email address hidden> Mon, 23 May 2011 12:20:09 -0700
-
apr (1.3.8-1build1) lucid; urgency=low
* No change rebuild to get rid of reference to libuuid.la in libapr-1.la
(causes a bunch of FTBFS).
-- Loic Minier <email address hidden> Fri, 12 Feb 2010 13:55:23 +0100
-
apr (1.3.8-1) unstable; urgency=high
[ Stefan Fritsch ]
* Enable -fstack-protector for arm/armel. A workaround has been added to
gcc.
[ Peter Samuelson ]
* New upstream security release.
- Fix CVE-2009-2412, overflow in pool allocations, where size
alignment was taking place.
apr (1.3.7-1) unstable; urgency=low
* New upstream release.
-- Michael Bienia <email address hidden> Sat, 15 Aug 2009 16:27:46 +0100
