Public bug reported: A merge of apr appears to be available presently. Upstream: tbd Debian: 1.7.5-1 Ubuntu: 1.7.2-3.2ubuntu1
If it turns out this needs a sync rather than a merge, please change the tag 'needs-merge' to 'needs-sync', and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the Jammy Release Notes: https://discourse.ubuntu.com/c/release/38 ### New Debian Changes ### apr (1.7.5-1) unstable; urgency=medium * New usptream version - CVE-2023-49582: Unexpected lax shared memory permissions Closes: #1080375 -- Stefan Fritsch <[email protected]> Sat, 07 Sep 2024 11:01:36 +0200 apr (1.7.2-3.2) unstable; urgency=medium * Non-maintainer upload. * Fix symbols files which are in a non-standard location. -- Steve Langasek <[email protected]> Fri, 08 Mar 2024 19:11:28 +0000 apr (1.7.2-3.1) unstable; urgency=medium * Non-maintainer upload. * Rename libraries for 64-bit time_t transition. Closes: #1061894 -- Steve Langasek <[email protected]> Wed, 28 Feb 2024 01:17:18 +0000 apr (1.7.2-3) unstable; urgency=medium * Add more fixes for atomics from upstream, in particular for 32 bit archs with weak memory ordering. -- Stefan Fritsch <[email protected]> Sun, 26 Feb 2023 21:51:24 +0100 apr (1.7.2-2) unstable; urgency=medium * Fix 64bit atomics on powerpc and armel. * Bump standards version (no changes). -- Stefan Fritsch <[email protected]> Sat, 04 Feb 2023 12:08:53 +0100 apr (1.7.2-1) unstable; urgency=medium [ Stefan Fritsch ] * New upstream version - CVE-2022-24963: Integer Overflow or Wraparound vulnerability in apr_encode functions * Include PrintPath in libapr1-dev. [ Debian Janitor ] * Bump debhelper from old 12 to 13. * Re-export upstream signing key without extra signatures. * Remove constraints unnecessary since buster: + Build-Depends: Drop versioned constraint on libtool. [ Yadd ] * Bump standards version * Modernize debian/watch * Add 'Rules-Requires-Root: no' -- Stefan Fritsch <[email protected]> Thu, 02 Feb 2023 23:55:35 +0100 apr (1.7.0-8) unstable; urgency=medium * Team upload [ Salvatore Bonaccorso ] * build/apr_common.m4: avoid explicit inclusion of 'confdefs.h' (Closes: #978767) -- Yadd <[email protected]> Tue, 24 Aug 2021 10:54:34 +0200 apr (1.7.0-7) unstable; urgency=medium * Team upload [ Helmut Grohne ] * Annotate test dependencies netbase and net-tools <!nocheck>. Closes: #981738 [ Salvatore Bonaccorso ] * Out-of-bounds array dereference in apr_time_exp*() functions (CVE-2021-35940) (Closes: #992789) -- Yadd <[email protected]> Tue, 24 Aug 2021 08:59:10 +0200 apr (1.7.0-6) unstable; urgency=medium [ John Paul Adrian Glaubitz ] * Fix atomics for m68k, sh3 and sh4. Closes: #978018 -- Stefan Fritsch <[email protected]> Sun, 27 Dec 2020 17:28:47 +0100 apr (1.7.0-4) unstable; urgency=low [ Debian Janitor ] * Trim trailing whitespace. * Transition to automatic debug package (from: libapr1-dbg). * Use secure URI in Homepage field. * Bump debhelper from old 11 to 12. * Set debhelper-compat version in Build-Depends. [ Stefan Fritsch ] * Fix apr libtool on unmerged /usr. Thanks to Vagrant Cascadian for the patch. Closes: #916829 ### Old Ubuntu Delta ### apr (1.7.2-3.2ubuntu1) oracular; urgency=medium * SECURITY UPDATE: local information disclosure via shared memory segments - debian/patches/CVE-2023-49582.patch: adjust permissions on shared memory segments to prevent unauthorized access in shmem/unix/shm.c - CVE-2023-49582 -- Vyom Yadav <[email protected]> Tue, 17 Sep 2024 14:00:04 +0530 ** Affects: apr (Ubuntu) Importance: Undecided Status: New ** Tags: needs-merge upgrade-software-version ** Changed in: apr (Ubuntu) Milestone: None => ubuntu-24.11 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2085215 Title: Merge apr from Debian unstable for jammy To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apr/+bug/2085215/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
