Posted to commits@apr.apache.org by wr...@apache.org on 2017/10/26 23:54:48 UTC

svn commit: r22692 - /dev/apr/Announcement1.x.html /dev/apr/Announcement1.x.txt /release/apr/Announcement1.x.html /release/apr/Announcement1.x.txt

Author: wrowe
Date: Thu Oct 26 23:54:47 2017
New Revision: 22692

Log:
As pointed out by Craig Young... these two were transposed. The APR is 1.6.3
and its defect was originally attributed to APR-util, and vice versa, where
APR-util is in fact 1.6.1.


Modified:
    dev/apr/Announcement1.x.html
    dev/apr/Announcement1.x.txt
    release/apr/Announcement1.x.html
    release/apr/Announcement1.x.txt

Modified: dev/apr/Announcement1.x.html
==============================================================================
--- dev/apr/Announcement1.x.html (original)
+++ dev/apr/Announcement1.x.html Thu Oct 26 23:54:47 2017
@@ -22,24 +22,9 @@
 </p>
 
 <p>
-   APR 1.6.1 release addresses one security vulnerability;
+   APR 1.6.3 release addresses one security vulnerability;
 </p>
 <ul>
- <li>CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
-     <br />
-     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
-     database files used by apr_sdbm*() functions, resulting in a 
-     possible out of bound read access. A local user with write access
-     to the database can make a program or process using these functions
-     crash, and cause a denial of service.
- </li>
-</ul>
-
-<p>
-   APR-util 1.6.3 release addresses one security vulnerability;
-</p>
-
-<ul>
  <li>CVE-2017-12613; Out-of-bounds array deref in apr_time_exp*() functions
      <br />
      When apr_exp_time*() or apr_os_exp_time*() functions are invoked
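
Review bot: the CVE-2017-12613 entry kept as context names the affected functions two ways: the heading says apr_time_exp*() while the sentence under it says apr_exp_time*() or apr_os_exp_time*(). Since this commit is already correcting the announcement, it would be worth making the heading and the body use the same spelling in the same pass, so that a reader searching for the function name finds one form.
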
@@ -53,6 +38,20 @@
  </li>
 </ul>
 
+<p>
+   APR-util 1.6.1 release addresses one security vulnerability;
+</p>
+<ul>
+ <li>CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
+     <br />
+     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
+     database files used by apr_sdbm*() functions, resulting in a 
+     possible out of bound read access. A local user with write access
+     to the database can make a program or process using these functions
+     crash, and cause a denial of service.
+ </li>
+</ul>
+
 <p>
    There are a number of specific changes in how APR is deployed
    and how APR-util deals with external dependencies in their 1.6
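
Review bot: the re-added APR-util block carries over a trailing space after "resulting in a" and writes "out of bound read access" where its own heading says "Out-of-bounds access". Suggest stripping the trailing whitespace and using "out-of-bounds read access" while the text is being moved. The block's "APR-util 1.6.0 and prior" now agrees with the 1.6.1 heading above it.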

Modified: dev/apr/Announcement1.x.txt
==============================================================================
--- dev/apr/Announcement1.x.txt (original)
+++ dev/apr/Announcement1.x.txt Thu Oct 26 23:54:47 2017
@@ -7,17 +7,7 @@
    version 1.6.1 of the APR Utility library (APR-util) and version
    1.2.2 of the APR iconv library (APR-iconv).
 
-   APR 1.6.1 release addresses one security vulnerability;
-
-     CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
-
-     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
-     database files used by apr_sdbm*() functions, resulting in a 
-     possible out of bound read access. A local user with write access
-     to the database can make a program or process using these functions
-     crash, and cause a denial of service.
-
-   APR-util 1.6.3 release addresses one security vulnerability;
+   APR 1.6.3 release addresses one security vulnerability;
 
      CVE-2017-12613; Out-of-bounds array deref in apr_time_exp*() functions
 
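Review bot: with the heading changed to "APR 1.6.3", the opening sentence above this hunk should be checked for the same number. The context shown here only covers "version 1.6.1 of the APR Utility library (APR-util)" and 1.2.2 of APR-iconv, so the APR version stated in the intro is not visible in this diff. If it already reads 1.6.3, nothing more is needed.
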
@@ -30,6 +20,16 @@
      vulnerability to applications which call these APR functions with
      unvalidated external input.
 
+   APR-util 1.6.1 release addresses one security vulnerability;
+
+     CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
+
+     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
+     database files used by apr_sdbm*() functions, resulting in a 
+     possible out of bound read access. A local user with write access
+     to the database can make a program or process using these functions
+     crash, and cause a denial of service.
+
    There are a number of specific changes in how APR is deployed
    and how APR-util deals with external dependencies in their 1.6
    releases, which may be disruptive to existing build strategies:
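
Review bot: the added heading "APR-util 1.6.1 release addresses one security vulnerability;" ends in a semicolon, while the paragraph that follows introduces its list with a colon ("... existing build strategies:"). Suggest a colon on the security headings for consistency. The trailing space after "resulting in a" in the added text could be dropped at the same time.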

Modified: release/apr/Announcement1.x.html
==============================================================================
--- release/apr/Announcement1.x.html (original)
+++ release/apr/Announcement1.x.html Thu Oct 26 23:54:47 2017
@@ -22,24 +22,9 @@
 </p>
 
 <p>
-   APR 1.6.1 release addresses one security vulnerability;
+   APR 1.6.3 release addresses one security vulnerability;
 </p>
 <ul>
- <li>CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
-     <br />
-     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
-     database files used by apr_sdbm*() functions, resulting in a 
-     possible out of bound read access. A local user with write access
-     to the database can make a program or process using these functions
-     crash, and cause a denial of service.
- </li>
-</ul>
-
-<p>
-   APR-util 1.6.3 release addresses one security vulnerability;
-</p>
-
-<ul>
  <li>CVE-2017-12613; Out-of-bounds array deref in apr_time_exp*() functions
      <br />
      When apr_exp_time*() or apr_os_exp_time*() functions are invoked
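
Review bot: this hunk repeats the dev/apr/Announcement1.x.html change line for line, so the release copy keeps the same mismatch between the apr_time_exp*() heading and the apr_exp_time*() body text. Because the two copies are edited by hand in parallel, a diff of the dev and release files after the commit would confirm they stayed identical.
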
@@ -53,6 +38,20 @@
  </li>
 </ul>
 
+<p>
+   APR-util 1.6.1 release addresses one security vulnerability;
+</p>
+<ul>
+ <li>CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
+     <br />
+     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
+     database files used by apr_sdbm*() functions, resulting in a 
+     possible out of bound read access. A local user with write access
+     to the database can make a program or process using these functions
+     crash, and cause a denial of service.
+ </li>
+</ul>
+
 <p>
    There are a number of specific changes in how APR is deployed
    and how APR-util deals with external dependencies in their 1.6
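
Review bot: the copy under release/ also picks up the trailing space after "resulting in a" and the unhyphenated "out of bound read access" in the added APR-util block. Suggest the same cleanup as in the dev copy so the two files do not diverge.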

Modified: release/apr/Announcement1.x.txt
==============================================================================
--- release/apr/Announcement1.x.txt (original)
+++ release/apr/Announcement1.x.txt Thu Oct 26 23:54:47 2017
@@ -7,17 +7,7 @@
    version 1.6.1 of the APR Utility library (APR-util) and version
    1.2.2 of the APR iconv library (APR-iconv).
 
-   APR 1.6.1 release addresses one security vulnerability;
-
-     CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
-
-     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
-     database files used by apr_sdbm*() functions, resulting in a 
-     possible out of bound read access. A local user with write access
-     to the database can make a program or process using these functions
-     crash, and cause a denial of service.
-
-   APR-util 1.6.3 release addresses one security vulnerability;
+   APR 1.6.3 release addresses one security vulnerability;
 
      CVE-2017-12613; Out-of-bounds array deref in apr_time_exp*() functions
 
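Review bot: the .txt entry under the corrected heading shows only the title "Out-of-bounds array deref in apr_time_exp*() functions" in this hunk, while the .html copies of the same entry go on to say apr_exp_time*() in the body. It is worth checking that the body text in this file, which falls outside the hunk, matches its heading.
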
@@ -30,6 +20,16 @@
      vulnerability to applications which call these APR functions with
      unvalidated external input.
 
+   APR-util 1.6.1 release addresses one security vulnerability;
+
+     CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
+
+     APR-util 1.6.0 and prior failed to validate the integrity of SDBM
+     database files used by apr_sdbm*() functions, resulting in a 
+     possible out of bound read access. A local user with write access
+     to the database can make a program or process using these functions
+     crash, and cause a denial of service.
+
    There are a number of specific changes in how APR is deployed
    and how APR-util deals with external dependencies in their 1.6
    releases, which may be disruptive to existing build strategies:
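
Review bot: as in the dev copy, the added heading ends in a semicolon where the next paragraph uses a colon to introduce a list ("... existing build strategies:"), and the added line "resulting in a" has a trailing space. Both are cosmetic, but this is the copy under release/, so they are worth tidying before the next revision.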