Hello development folks,
as I am currently struggling to get my local build environment in a functional state again, I'd like to flag it here that the Apache Portable Runtime (apr) is in need of an update.
Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users to read named shared memory segments. While this doesn't sound overly alarming, my understanding is that since APR is relatively close to the untrusted outside, it might beneficial to update it sooner rather than later (and I don't exactly know when the merge window for C189 closes).
If somebody is already working on this, please excuse the noise. If not, I can take care of it, provided that I am able to build again on my local machine before departing to London. :-)
Thanks, and best regards, Peter Müller
Hi Peter,
On 12/09/2024 11:09, Peter Müller wrote:
Hello development folks,
as I am currently struggling to get my local build environment in a functional state again, I'd like to flag it here that the Apache Portable Runtime (apr) is in need of an update.
Version 1.7.5 fixes CVE-2023-49582, a flaw potentially allowing local users to read named shared memory segments. While this doesn't sound overly alarming, my understanding is that since APR is relatively close to the untrusted outside, it might beneficial to update it sooner rather than later (and I don't exactly know when the merge window for C189 closes).
If somebody is already working on this, please excuse the noise. If not, I can take care of it, provided that I am able to build again on my local machine before departing to London. :-)
I am not working on it and if you want to use it to get your build system working then feel free to do so. I am willing to build it if you have a problem getting your system to work, just let me know, but I will only be able to do that up to Sunday 15th September as after that I will be travelling.
Regards,
Adolf.
Thanks, and best regards, Peter Müller
-
Adolf Belka -
Peter Müller