From mboxrd@z Thu Jan 1 00:00:00 1970 From: Adolf Belka To: development@lists.ipfire.org Subject: Re: apr is in need of an update Date: Thu, 12 Sep 2024 14:46:06 +0200 Message-ID: <266718ba-c641-4851-92eb-9f04afa322ae@ipfire.org> In-Reply-To: <5d1598c6-d2c7-4630-b7db-2d7ae80859cb@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============3458797611646014516==" List-Id: --===============3458797611646014516== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hi Peter, On 12/09/2024 11:09, Peter M=C3=BCller wrote: > Hello development folks, > > as I am currently struggling to get my local build environment in a functio= nal state again, > I'd like to flag it here that the Apache Portable Runtime (apr) is in need = of an update. > > Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users= to read named > shared memory segments. While this doesn't sound overly alarming, my unders= tanding is that > since APR is relatively close to the untrusted outside, it might beneficial= to update it > sooner rather than later (and I don't exactly know when the merge window fo= r C189 closes). > > If somebody is already working on this, please excuse the noise. If not, I = can take care of > it, provided that I am able to build again on my local machine before depar= ting to London. :-) I am not working on it and if you want to use it to get your build system wor= king then feel free to do so. I am willing to build it if you have a problem = getting your system to work, just let me know, but I will only be able to do = that up to Sunday 15th September as after that I will be travelling. Regards, Adolf. > Thanks, and best regards, > Peter M=C3=BCller --===============3458797611646014516==--