On Mon, Oct 23, 2017 at 01:27:59PM -0500, William A Rowe Jr wrote:
> CVE-2017-12618; Out-of-bounds access in corrupted SDBM database.
>
> APR-util 1.6.0 and prior failed to validate the integrity of SDBM
> database files used by apr_sdbm*() functions, resulting in a
> possible out of bound read access. A local user with write access
> to the database can make a program or process using these functions
> crash, and cause a denial of service.

I am looking for the patch which fixed the above issue.
Where can I find it? Was it r1809394? All of it? Some of it?

Rationale: APR-util 1.6.3 added a shared library symbol:

  No dynamic export changes
  PLT added: apr_xml_parser_done

I want to figure out a way to patch this security issue in OpenBSD
6.2-stable, without changing unrelated library symbols.

Thanks,
Stefan