Note the fix referenced below will be picked up in APR 1.7.1
On Mon, Aug 23, 2021 at 5:25 AM Joe Orton wrote:
>
> Description:
>
> An out-of-bounds array read in the apr_time_exp*() functions was fixed
> in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix
> for this issue was
Description:
An out-of-bounds array read in the apr_time_exp*() functions was fixed
in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix
for this issue was not carried forward to the APR 1.7.x branch, and
hence version 1.7.0 regressed compared to 1.6.3 and is vulnerable to
Description:
An out-of-bounds array read in the apr_time_exp*() functions was fixed in the
Apache Portable Runtime 1.6.3 release (CVE-2017-12613). The fix for this issue
was not carried forward to the APR 1.7.x branch, and hence version 1.7.0
regressed compared to 1.6.3 and is vulnerable to