Comment 2 for bug 2009333

OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/877101
Committed: https://opendev.org/starlingx/tools/commit/b9fc758861d073887ef11ec9079e20c105a39a92
Submitter: "Zuul (22348)"
Branch: master

commit b9fc758861d073887ef11ec9079e20c105a39a92
Author: Peng <email address hidden>
Date: Fri Mar 10 21:06:20 2023 +0800

    Debian:libaprutil1:fix CVE-2022-25147

    Upgrade libaprutil1, libaprutil1, libaprutil1-ldap to the version in
    which CVE-2022-25147 has been fixed:

    libaprutil1_1.6.1-5_amd64.deb to
    libaprutil1_1.6.1-5+deb11u1_amd64.deb
    libaprutil1-dbd-sqlite3_1.6.1-5_amd64.deb to
    libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_amd64.deb
    libaprutil1-ldap_1.6.1-5_amd64.deb to
    libaprutil1-ldap_1.6.1-5+deb11u1_amd64.deb

    This commit fixes the Integer Overflow or Wraparound vulnerability in
    the apr_base64 functions of Apache Portable Runtime Utility (APR-util)
    to avoid an attacker writing beyond the bounds of a buffer.

    (Refer to https://security-tracker.debian.org/tracker/CVE-2022-25147)

    Test plan:
    PASS: build-pkgs --clean --all && build-image

    Closes-bug: 2009333
    Signed-off-by: Peng <email address hidden>
    Change-Id: I139b3d51df946004da3041f7e6438a475204bbff