oss-sec mailing list archives
Re: CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions
From: Zube <Zube () stat colostate edu>
Date: Tue, 31 Jan 2023 10:52:30 -0700
And what's the fix? Is there a patch to apply or new version to upgrade to?
https://apr.apache.org/download.cgi has 1.7.1 and 1.6.2, although the directories created are labeled -rc2 and -rc3. Cheers.
Current thread:
- CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Eric Covener (Jan 31)
- Re: CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Alan Coopersmith (Jan 31)
- Re: CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Zube (Jan 31)
- Re: CVE-2022-24963: Apache Portable Runtime (APR): out-of-bound writes in the apr_encode family of functions Alan Coopersmith (Jan 31)