ALT-BU-2024-13362-1
Branch sisyphus_loongarch64 update bulletin.
Package aprutil1 updated to version 1.6.3-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
BDU:2024-02969
УУязвимость функции apr_base64 библиотеки Apache Portable Runtime (APR), позволяющая нарушителю выполнить произвольный код
Modified: 2025-02-13
CVE-2022-25147
Integer Overflow or Wraparound vulnerability in apr_base64 functions of Apache Portable Runtime Utility (APR-util) allows an attacker to write beyond bounds of a buffer. This issue affects Apache Portable Runtime Utility (APR-util) 1.6.1 and prior versions.
Package poco updated to version 1.13.3-alt1 for branch sisyphus_loongarch64.
Closed vulnerabilities
Modified: 2025-01-20
CVE-2023-52389
UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0.
- https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release
- https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release
- https://github.com/pocoproject/poco/issues/4320
- https://github.com/pocoproject/poco/issues/4320
- https://lists.debian.org/debian-lts-announce/2025/01/msg00017.html
- https://pocoproject.org/blog/?p=1226
- https://pocoproject.org/blog/?p=1226
Package ejabberd updated to version 21.12-alt4 for branch sisyphus_loongarch64.
Closed bugs
Отсутствует drop-in в tmpfiles.d для создания каталога /run/ejabberd