Upgrade libaprutil1,libaprutil1,libaprutil1-ldap to the version that
CVE-2022-25147 have been fixed:
libaprutil1_1.6.1-5_amd64.deb to
libaprutil1_1.6.1-5+deb11u1_amd64.deb
libaprutil1-dbd-sqlite3_1.6.1-5_amd64.deb to
libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_amd64.deb
libaprutil1-ldap_1.6.1-5_amd64.deb to
libaprutil1-ldap_1.6.1-5+deb11u1_amd64.deb
This commit fixes Integer Overflow or Wraparound vulnerability in
apr_base64 functions of Apache Portable Runtime Utility (APR-util) to
avoid an attacker writing beyond bounds of a buffer.
Reviewed: https:/ /review. opendev. org/c/starlingx /tools/ +/877101 /opendev. org/starlingx/ tools/commit/ b9fc758861d0738 87ef11ec9079e20 c105a39a92
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit b9fc758861d0738 87ef11ec9079e20 c105a39a92
Author: Peng <email address hidden>
Date: Fri Mar 10 21:06:20 2023 +0800
Debian: libaprutil1: fix CVE-2022-25147
Upgrade libaprutil1, libaprutil1, libaprutil1- ldap to the version that
CVE-2022-25147 have been fixed:
libaprutil1 _1.6.1- 5_amd64. deb to _1.6.1- 5+deb11u1_ amd64.deb -dbd-sqlite3_ 1.6.1-5_ amd64.deb to -dbd-sqlite3_ 1.6.1-5+ deb11u1_ amd64.deb -ldap_1. 6.1-5_amd64. deb to -ldap_1. 6.1-5+deb11u1_ amd64.deb
libaprutil1
libaprutil1
libaprutil1
libaprutil1
libaprutil1
This commit fixes Integer Overflow or Wraparound vulnerability in
apr_base64 functions of Apache Portable Runtime Utility (APR-util) to
avoid an attacker writing beyond bounds of a buffer.
(Refer to https:/ /security- tracker. debian. org/tracker/ CVE-2022- 25147)
Test plan:
PASS: build-pkgs --clean --all && build-image
Closes-bug: 2009333 04da3041f7e6438 a475204bbff
Signed-off-by: Peng <email address hidden>
Change-Id: I139b3d51df9460