| Release | Version |
|---|---|
| jessie | 1.5.1-3+deb8u1 |
| stretch | 1.5.2-5+deb9u1 |
| buster | 1.6.5-1 |
| bullseye | 1.7.0-6+deb11u2 |
| bookworm | 1.7.2-3+deb12u1 |
| trixie | 1.7.5-1 |
| sid | 1.7.5-1 |
| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-49582 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | fixed | fixed | fixed | Lax permissions set by the Apache Portable Runtime library on Unix pla ... |
| Bug | Description |
|---|---|
| CVE-2022-28331 | On Windows, Apache Portable Runtime 1.7.0 and earlier may write beyond ... |
| CVE-2022-24963 | Integer Overflow or Wraparound vulnerability in apr_encode functions o ... |
| CVE-2021-35940 | An out-of-bounds array read in the apr_time_exp*() functions was fixed ... |
| CVE-2017-12613 | When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ... |
| CVE-2012-0840 | tables/apr_hash.c in the Apache Portable Runtime (APR) library through ... |
| CVE-2011-1928 | The fnmatch implementation in apr_fnmatch.c in the Apache Portable Run ... |
| CVE-2011-0419 | Stack consumption vulnerability in the fnmatch implementation in apr_f ... |
| CVE-2009-2699 | The Solaris pollset feature in the Event Port backend in poll/unix/por ... |
| CVE-2009-2412 | Multiple integer overflows in the Apache Portable Runtime (APR) librar ... |
| DSA / DLA | Description |
|---|---|
| DSA-5370-1 | apr - security update |
| DLA-2897-1 | apr - security update |
| ELA-549-1 | apr - security update |
| DLA-1162-1 | apr - security update |
| DSA-2237-2 | apr - denial of service |
| DSA-1854-1 | apr apr-util - arbitrary code execution |