Actually, that was in APR-util 1.6.1, see the APR release announcement
and Craig's
users@httpd post.



On Wed, Oct 25, 2017 at 4:02 PM, Craig Young <cyo...@tripwire.com> wrote:
> I’m not sure if this is what is referred to in the Apache 2.4.29 
> announcement, but please note that the Apache Portable Runtime v1.6.3 release 
> resolved memory safety issues I found in functions used within HTTP server.  
> This was released in conjunction with 2.4.29.
>
> Using HTTP server linked to prior versions of APR exposes the risks outlined 
> in my email sent to this list on Monday.
>
> Best Regards,
> Craig
>
> On 10/25/17, 1:05 PM, "Development Manager" 
> <devmana...@speedlinesolutions.com> wrote:
>
>     The 2.4.29 changes document doesn't reference any CVE articles, though 
> the announcement indicates that this is a security release. Are any of the 
> 2.4.29 changes security related?
>
>     Thanks,
>     Jim
>
>     ---------------------------------------------------------------------
>     To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
>     For additional commands, e-mail: users-h...@httpd.apache.org
>
>
>

Reply via email to