On Tue, Oct 24, 2017 at 10:28:02PM +0200, Moritz Muehlenhoff wrote: > Source: apr-util > Severity: important > Tags: security > > I'm sure you're aware, but filing for completeness in the BTS anyway: > http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E >
Actually CVE-2017-12618 is in apr-util and CVE-2017-12613 in apr
I don't think any of those need a DSA, but let me know if you disagree.
Cheers,
Moritz
