Hi Peter,

On 12/09/2024 11:09, Peter Müller wrote:
> Hello development folks,
>
> as I am currently struggling to get my local build environment in a functional state again,
> I'd like to flag it here that the Apache Portable Runtime (apr) is in need of an update.
>
> Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users to read named
> shared memory segments. While this doesn't sound overly alarming, my understanding is that
> since APR is relatively close to the untrusted outside, it might beneficial to update it
> sooner rather than later (and I don't exactly know when the merge window for C189 closes).
>
> If somebody is already working on this, please excuse the noise. If not, I can take care of
> it, provided that I am able to build again on my local machine before departing to London. :-)

I am not working on it and if you want to use it to get your build system working then feel free to do so. I am willing to build it if you have a problem getting your system to work, just let me know, but I will only be able to do that up to Sunday 15th September as after that I will be travelling.

Regards,

Adolf.

> Thanks, and best regards,
> Peter Müller