Hello development folks,
as I am currently struggling to get my local build environment in a functional state again, I'd like to flag it here that the Apache Portable Runtime (apr) is in need of an update.
Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users to read named shared memory segments. While this doesn't sound overly alarming, my understanding is that since APR is relatively close to the untrusted outside, it might beneficial to update it sooner rather than later (and I don't exactly know when the merge window for C189 closes).
If somebody is already working on this, please excuse the noise. If not, I can take care of it, provided that I am able to build again on my local machine before departing to London. :-)
Thanks, and best regards, Peter Müller