mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2024-09-20 11:23:16 +00:00
main/apr: security upgrade to 1.7.5
Fix CVE-2023-49582: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) - https://downloads.apache.org/apr/CHANGES-APR-1.7 - https://www.cve.org/CVERecord?id=CVE-2023-49582
This commit is contained in:
parent
5de2c8bae4
commit
d392a45c63
1 changed files with 4 additions and 2 deletions
|
@ -1,6 +1,6 @@
|
|||
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
|
||||
pkgname=apr
|
||||
pkgver=1.7.4
|
||||
pkgver=1.7.5
|
||||
pkgrel=0
|
||||
pkgdesc="The Apache Portable Runtime"
|
||||
url="https://apr.apache.org/"
|
||||
|
@ -15,6 +15,8 @@ source="https://www.apache.org/dist/apr/apr-$pkgver.tar.bz2
|
|||
"
|
||||
|
||||
# secfixes:
|
||||
# 1.7.5-r0:
|
||||
# - CVE-2023-49582
|
||||
# 1.7.1-r0:
|
||||
# - CVE-2022-24963
|
||||
# - CVE-2022-25147
|
||||
|
@ -62,7 +64,7 @@ dev() {
|
|||
}
|
||||
|
||||
sha512sums="
|
||||
2342c997765ea2ca96eac158e5fd260232dba68fc41b90a79a7ba9b25c539fc217981867362090e0ebebe632289257c342275e3c5baedb698c474ef8f49a9dcd apr-1.7.4.tar.bz2
|
||||
d8a7553642da0c81261ac3992536efd9d43ecb9154934ef1a10ae808d6a3ce8198b40433091d3a6d04f61e67c59426fb5276193a37e810ae4bc74a8a10fb651b apr-1.7.5.tar.bz2
|
||||
9fb931e45f30fbe68af56849dfca148c09cdf85e300af14fb259cbd43470113288680bdb21189d4cf13f5ce95f8d28666822535e017e64ace5324339ab50cbef apr-1.6.2-dont-test-dlclose.patch
|
||||
5d1afa9419d0481e7c3369724e8b4c1e199cbfd5d031bd9d9fc4f46ee0d3819353ff03c3b2c508d5b939f66ef4549953bbf9cdae7ff934002b9a01d824c843e8 semtimedop-s390x.patch
|
||||
"
|
||||
|
|
Loading…
Reference in a new issue