Debian:libaprutil1:fix CVE-2022-25147

Upgrade libaprutil1,libaprutil1,libaprutil1-ldap to the version that CVE-2022-25147 have been fixed: libaprutil1_1.6.1-5_amd64.deb to libaprutil1_1.6.1-5+deb11u1_amd64.deb libaprutil1-dbd-sqlite3_1.6.1-5_amd64.deb to libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_amd64.deb libaprutil1-ldap_1.6.1-5_amd64.deb to libaprutil1-ldap_1.6.1-5+deb11u1_amd64.deb This commit fixes Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) to avoid an attacker writing beyond bounds of a buffer. (Refer to https://security-tracker.debian.org/tracker/CVE-2022-25147) Test plan: PASS: build-pkgs --clean --all && build-image Closes-bug: 2009333 Signed-off-by: Peng <Peng.Zhang2@windriver.com> Change-Id: I139b3d51df946004da3041f7e6438a475204bbff
2023-03-10 21:06:20 +08:00 · 2023-03-10 21:06:20 +08:00 · b9fc758861
parent 066f34ea9e
commit b9fc758861
1 changed files with 3 additions and 3 deletions
--- a/debian-mirror-tools/config/debian/common/base-bullseye.lst
+++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst
@ -207,9 +207,9 @@ libapache2-mod-wsgi-py3  4.7.1-3+b1
 libapparmor-dev  2.13.6-10
 libapparmor1  2.13.6-10
 libapr1  1.7.0-6+deb11u1
-libaprutil1  1.6.1-5
-libaprutil1-dbd-sqlite3  1.6.1-5
-libaprutil1-ldap  1.6.1-5
+libaprutil1  1.6.1-5+deb11u1  https://snapshot.debian.org/archive/debian-security/20230226T132716Z/pool/updates/main/a/apr-util/libaprutil1_1.6.1-5%2Bdeb11u1_amd64.deb
+libaprutil1-dbd-sqlite3  1.6.1-5+deb11u1  https://snapshot.debian.org/archive/debian-security/20230226T132716Z/pool/updates/main/a/apr-util/libaprutil1-dbd-sqlite3_1.6.1-5%2Bdeb11u1_amd64.deb
+libaprutil1-ldap  1.6.1-5+deb11u1  https://snapshot.debian.org/archive/debian-security/20230226T132716Z/pool/updates/main/a/apr-util/libaprutil1-ldap_1.6.1-5%2Bdeb11u1_amd64.deb
 libapt-pkg6.0  2.2.4
 libarchive13  3.4.3-2+deb11u1
 libarchive-zip-perl  1.68-1