
List:       apr-cvs
Subject:    svn commit: r1907155 - /apr/apr/branches/1.7.x/CHANGES
From:       covener () apache ! org
Date:       2023-01-31 15:25:03
Message-ID: 20230131152503.12D0D17CC26 () svn01-us-east ! apache ! org

Author: covener
Date: Tue Jan 31 15:25:02 2023
New Revision: 1907155

URL: http://svn.apache.org/viewvc?rev=1907155&view=rev
Log:
changes for released CVEs

Modified:
    apr/apr/branches/1.7.x/CHANGES

Modified: apr/apr/branches/1.7.x/CHANGES
URL: http://svn.apache.org/viewvc/apr/apr/branches/1.7.x/CHANGES?rev=1907155&r1=1907154&r2=1907155&view=diff
 ==============================================================================
--- apr/apr/branches/1.7.x/CHANGES [utf-8] (original)
+++ apr/apr/branches/1.7.x/CHANGES [utf-8] Tue Jan 31 15:25:02 2023
@@ -1,6 +1,16 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 1.7.1
 
+  *) SECURITY: CVE-2022-24963 (cve.mitre.org)
+     Integer Overflow or Wraparound vulnerability in apr_encode functions of 
+     Apache Portable Runtime (APR) allows an attacker to write beyond bounds 
+     of a buffer.
+
+  *) SECURITY: CVE-2022-28331 (cve.mitre.org)
+     On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond 
+     the end of a stack based buffer in apr_socket_sendv(). This is a result 
+     of integer overflow.
+
   *) SECURITY: CVE-2021-35940 (cve.mitre.org)
      Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
      (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
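
Review bot: the new CVE-2022-24963 entry does not say which APR releases are affected, while the CVE-2022-28331 entry added next to it states "1.7.0 and earlier"; consider adding the affected range to the apr_encode entry so a reader of CHANGES can tell from either entry whether an upgrade to 1.7.1 is needed. Smaller points in the same added lines: four of them end in trailing whitespace ("functions of ", "bounds ", "beyond ", "result "), and "stack based buffer" would read better as "stack-based buffer".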

