From mboxrd@z Thu Jan 1 00:00:00 1970 From: Peter =?utf-8?q?M=C3=BCller?= To: development@lists.ipfire.org Subject: apr is in need of an update Date: Thu, 12 Sep 2024 09:09:00 +0000 Message-ID: <5d1598c6-d2c7-4630-b7db-2d7ae80859cb@ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============1950973178757133902==" List-Id: --===============1950973178757133902== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Hello development folks, as I am currently struggling to get my local build environment in a functiona= l state again, I'd like to flag it here that the Apache Portable Runtime (apr) is in need of= an update. Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users t= o read named shared memory segments. While this doesn't sound overly alarming, my understa= nding is that since APR is relatively close to the untrusted outside, it might beneficial t= o update it sooner rather than later (and I don't exactly know when the merge window for = C189 closes). If somebody is already working on this, please excuse the noise. If not, I ca= n take care of it, provided that I am able to build again on my local machine before departi= ng to London. :-) Thanks, and best regards, Peter M=C3=BCller --===============1950973178757133902==--