public inbox for development@lists.ipfire.org
 help / color / mirror / Atom feed
* apr is in need of an update
@ 2024-09-12  9:09 Peter Müller
  2024-09-12 12:46 ` Adolf Belka
  0 siblings, 1 reply; 2+ messages in thread
From: Peter Müller @ 2024-09-12  9:09 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 813 bytes --]

Hello development folks,

as I am currently struggling to get my local build environment in a functional state again,
I'd like to flag it here that the Apache Portable Runtime (apr) is in need of an update.

Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users to read named
shared memory segments. While this doesn't sound overly alarming, my understanding is that
since APR is relatively close to the untrusted outside, it might beneficial to update it
sooner rather than later (and I don't exactly know when the merge window for C189 closes).

If somebody is already working on this, please excuse the noise. If not, I can take care of
it, provided that I am able to build again on my local machine before departing to London. :-)

Thanks, and best regards,
Peter Müller

^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: apr is in need of an update
  2024-09-12  9:09 apr is in need of an update Peter Müller
@ 2024-09-12 12:46 ` Adolf Belka
  0 siblings, 0 replies; 2+ messages in thread
From: Adolf Belka @ 2024-09-12 12:46 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1219 bytes --]

Hi Peter,

On 12/09/2024 11:09, Peter Müller wrote:
> Hello development folks,
>
> as I am currently struggling to get my local build environment in a functional state again,
> I'd like to flag it here that the Apache Portable Runtime (apr) is in need of an update.
>
> Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users to read named
> shared memory segments. While this doesn't sound overly alarming, my understanding is that
> since APR is relatively close to the untrusted outside, it might beneficial to update it
> sooner rather than later (and I don't exactly know when the merge window for C189 closes).
>
> If somebody is already working on this, please excuse the noise. If not, I can take care of
> it, provided that I am able to build again on my local machine before departing to London. :-)

I am not working on it and if you want to use it to get your build system working then feel free to do so. I am willing to build it if you have a problem getting your system to work, just let me know, but I will only be able to do that up to Sunday 15th September as after that I will be travelling.

Regards,

Adolf.

> Thanks, and best regards,
> Peter Müller

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-09-12 12:46 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-09-12  9:09 apr is in need of an update Peter Müller
2024-09-12 12:46 ` Adolf Belka

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox