From b9fc758861d073887ef11ec9079e20c105a39a92 Mon Sep 17 00:00:00 2001
From: Peng
Date: Fri, 10 Mar 2023 21:06:20 +0800
Subject: [PATCH] Debian:libaprutil1:fix CVE-2022-25147

Upgrade libaprutil1, libaprutil1, libaprutil1-ldap to the version in which CVE-2022-25147 has been fixed:
libaprutil1_1.6.1-5_amd64.deb to libaprutil1_1.6.1-5+deb11u1_amd64.deb
libaprutil1-dbd-sqlite3_1.6.1-5_amd64.deb to libaprutil1-dbd-sqlite3_1.6.1-5+deb11u1_amd64.deb
libaprutil1-ldap_1.6.1-5_amd64.deb to libaprutil1-ldap_1.6.1-5+deb11u1_amd64.deb

This commit fixes an Integer Overflow or Wraparound vulnerability in the apr_base64 functions of Apache Portable Runtime Utility (APR-util) to avoid an attacker writing beyond the bounds of a buffer.
(Refer to https://security-tracker.debian.org/tracker/CVE-2022-25147)

Test plan:
PASS: build-pkgs --clean --all && build-image

Closes-bug: 2009333
Signed-off-by: Peng
Change-Id: I139b3d51df946004da3041f7e6438a475204bbff
---
debian-mirror-tools/config/debian/common/base-bullseye.lst | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/debian-mirror-tools/config/debian/common/base-bullseye.lst b/debian-mirror-tools/config/debian/common/base-bullseye.lst index 8a58536b..b0bb36c1 100644 --- a/debian-mirror-tools/config/debian/common/base-bullseye.lst +++ b/debian-mirror-tools/config/debian/common/base-bullseye.lst 
@@ -207,9 +207,9 @@ libapache2-mod-wsgi-py3 4.7.1-3+b1 libapparmor-dev 2.13.6-10 libapparmor1 2.13.6-10 libapr1 1.7.0-6+deb11u1 -libaprutil1 1.6.1-5 -libaprutil1-dbd-sqlite3 1.6.1-5 -libaprutil1-ldap 1.6.1-5 +libaprutil1 1.6.1-5+deb11u1 https://snapshot.debian.org/archive/debian-security/20230226T132716Z/pool/updates/main/a/apr-util/libaprutil1_1.6.1-5%2Bdeb11u1_amd64.deb +libaprutil1-dbd-sqlite3 1.6.1-5+deb11u1 https://snapshot.debian.org/archive/debian-security/20230226T132716Z/pool/updates/main/a/apr-util/libaprutil1-dbd-sqlite3_1.6.1-5%2Bdeb11u1_amd64.deb +libaprutil1-ldap 1.6.1-5+deb11u1 https://snapshot.debian.org/archive/debian-security/20230226T132716Z/pool/updates/main/a/apr-util/libaprutil1-ldap_1.6.1-5%2Bdeb11u1_amd64.deb libapt-pkg6.0 2.2.4 libarchive13 3.4.3-2+deb11u1 libarchive-zip-perl 1.68-1
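
Review bot: The three `+` lines for libaprutil1, libaprutil1-dbd-sqlite3 and libaprutil1-ldap pin each package to a snapshot.debian.org URL but carry no checksum, so nothing in this list ties the entry to the exact .deb that was built and tested. Every neighbouring entry in the hunk has only a name and a version (for example `libapr1 1.7.0-6+deb11u1`, which is also a `+deb11u1` security build), so please state in the commit message why these three need an explicit URL, and confirm that the download step verifies the fetched file against signed archive metadata or a recorded SHA-256. If it does not, and the list format allows it, record the hash alongside the URL. The URLs also hard-code `_amd64.deb`, which deserves a comment if this list is ever consumed for another architecture. Minor: the commit message names "libaprutil1,libaprutil1,libaprutil1-ldap", where the second name presumably should be libaprutil1-dbd-sqlite3 to match the hunk.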