Source: apr Version: 1.7.2-3 Severity: important Tags: security upstream X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi, The following vulnerability was published for apr. CVE-2023-49582[0]: | Lax permissions set by the Apache Portable Runtime library on Unix | platforms would allow local users read access to named shared memory | segments, potentially revealing sensitive application data. This | issue does not affect non-Unix platforms, or builds | with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to | upgrade to APR version 1.7.5, which fixes this issue. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2023-49582 https://www.cve.org/CVERecord?id=CVE-2023-49582 [1] https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0 Regards, Salvatore