Bug#879708: CVE-2017-12613 CVE-2017-12618

To: 879708@bugs.debian.org
Subject: Bug#879708: CVE-2017-12613 CVE-2017-12618
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Tue, 24 Oct 2017 22:35:37 +0200
Message-id: <[🔎] 20171024203537.rxveekujlzpe7yns@pisco.westfalen.local>
Reply-to: Moritz Muehlenhoff <jmm@debian.org>, 879708@bugs.debian.org
In-reply-to: <[🔎] 150887688237.19818.10942024786552462141.reportbug@hullmann.westfalen.local>
References: <[🔎] 150887688237.19818.10942024786552462141.reportbug@hullmann.westfalen.local> <[🔎] 150887688237.19818.10942024786552462141.reportbug@hullmann.westfalen.local>

On Tue, Oct 24, 2017 at 10:28:02PM +0200, Moritz Muehlenhoff wrote:
> Source: apr-util
> Severity: important
> Tags: security
> 
> I'm sure you're aware, but filing for completeness in the BTS anyway:
> http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E 

Actually CVE-2017-12618 is in apr-util and CVE-2017-12613 in apr

I don't think any of those need a DSA, but let me know if you disagree.

Cheers,
        Moritz

Reply to:

References:
- Bug#879708: CVE-2017-12613 CVE-2017-12618
  - From: Moritz Muehlenhoff <jmm@debian.org>

Prev by Date: Bug#879708: CVE-2017-12613 CVE-2017-12618
Next by Date: Bug#878920: IncludeOptional should deal gracefully with a missing directory in the specified path
Previous by thread: Bug#879708: CVE-2017-12613 CVE-2017-12618
Next by thread: Processed: tagging 879708, found 879708 in 1.6.0-1
Index(es):
- Date
- Thread