X-Recipient: archive-cygwin AT delorie DOT com DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:message-id:date:mime-version :content-type:content-transfer-encoding:reply-to; q=dns; s= default; b=X4mtAiY7/Fkk7MAhIS/vXwG40NnhJ5EEISwSfcgvosOtwgahqDFBO Z5ASQHiKRPmcvuCTfX2HkISaJ/vuyQ5wjQDfiw8plH9Wy2f8VBKzS2w8n8aPFUcC YAzmOy3FFs2rMpSuHS3+Rgac1nwbFEgNGldehtopGmJz/pigcTfKsE= DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id :list-unsubscribe:list-subscribe:list-archive:list-post :list-help:sender:to:from:subject:message-id:date:mime-version :content-type:content-transfer-encoding:reply-to; s=default; bh= odlaMWTwPWJAIn8Cv8RzQR/0kN4=; b=BbEDmO1ywzPT5V6xgmnYutO8BjbNe7R7 /GqDtzPF7nk8op/MBkowNHlVFs2U/9kNoW6zKYU8UrP4r1ahQXqcz3ejWOt2utL2 p0Gx8rwHpVnC/YUDdlJsJZGd6D7GahAucq4TjIJWOzM0Q9+2c8V9cpWt2Z80dr5+ vCND94QGCUE= Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-7.9 required=5.0 tests=ALL_TRUSTED,BAYES_00,GIT_PATCH_2 autolearn=ham version=3.3.2 spammy=assured, H*R:D*cygwin.com X-HELO: localhost.localdomain Authentication-Results: sourceware.org; auth=none X-Virus-Found: No To: cygwin AT cygwin DOT com From: David Rothenberger Subject: [ANNOUNCEMENT] [SECURITY] Updated: libaprutil1-1.6.1-1 Message-Id: Date: Mon, 23 Oct 2017 16:50:29 -0700 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit X-CMAE-Envelope: MS4wfOK4ICHZ5zPoaDuSBvhMV6n6cQSTq/rTj+5p+O9cKI0pBXCW2DLrTqjxbN6ehW1jbKidHSYRj6IZ8jTw6areYbwy8SG38Qvc50cCCLN1vQARt9EGoND7 +XXLYqlsNZSvfeFJW85eBJWV5kxPGGGFI/UjDtyeKlFUoSDoUTj6mKsvCYOeeFtj6ieN2vzUv11DMg== X-IsSubscribed: yes Reply-To: cygwin AT cygwin DOT com SECURITY: ========= APR-util 1.6.1 release addresses one security vulnerability; CVE-2017-12618; Out-of-bounds access in corrupted SDBM database. APR-util 1.6.0 and prior failed to validate the integrity of SDBM database files used by apr_sdbm*() functions, resulting in a possible out of bound read access. A local user with write access to the database can make a program or process using these functions crash, and cause a denial of service. DESCRIPTION: ============ The mission of the Apache Portable Runtime (APR) project is to create and maintain software libraries that provide a predictable and consistent interface to underlying platform-specific implementations. The primary goal is to provide an API to which software developers may code and be assured of predictable if not identical behaviour regardless of the platform on which their software is built, relieving them of the need to code special-case conditions to work around or take advantage of platform-specific deficiencies or features. QUESTIONS: ========== If you want to make a point or ask a question the Cygwin mailing list is the appropriate place. -- David Rothenberger ---- daveroth AT acm DOT org -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple