Friday, August 7, 2009

Security Updates: apr, apr-util, and subversion

Three security updates are released today. They are apr, apr-util, and subversion. There's also some improvement on qt and also httpd rebuild due to apr updates.

Here's the latest -Current changelog:
Fri Aug 7 01:26:38 CDT 2009
d/subversion-1.6.4-i486-1.txz: Upgraded.
Fixed heap overflow vulnerability on server and client.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2411
http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt
(* Security fix *)

l/apr-1.3.8-i486-1.txz: Upgraded.
Fix overflow in pools and rmm, where size alignment was taking place.
[Matt Lewis , Sander Striker]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
(* Security fix *)

l/apr-util-1.3.9-i486-1.txz: Upgraded.
Fix overflow in rmm, where size alignment was taking place.
[Matt Lewis , Sander Striker]
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412
(* Security fix *)

l/qt-r1008078-i486-1.txz: Upgraded.
Added some missing symlinks to binaries and pkgconfig files.
Thanks to Heinz Wiesinger for the build script improvements!

n/httpd-2.2.12-i486-2.txz: Rebuilt.
Recompiled against the new apr and apr-util. This allows external modules to be built without having to edit the new apr/apr-util version numbers into the httpd config files.