CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2023/02/02 14:09:57
Modified files:
devel/apr : Tag: OPENBSD_7_2 Makefile distinfo
devel/apr/patches: Tag: OPENBSD_7_2 patch-apr-config_in
patch-configure_in
patch-memory_unix_apr_pools_c
Log message:
MFC update to apr-1.7.2, ok stsp
CVE-2022-24963: Integer Overflow or Wraparound vulnerability in
apr_encode functions of Apache Portable Runtime (APR) allows an attacker
to write beyond bounds of a buffer.
CVE-2021-35940: Restore fix for out-of-bounds array dereference in
apr_time_exp*() functions. (This issue was addressed as CVE-2017-12613
in APR 1.6.3 and later 1.6.x releases, but was missing in 1.7.0.)
