Log Message:

Merge r1889604, r1807975 from trunk:

* random/unix/sha2.c (apr__SHA256_Final, apr__SHA256_End): Fix parameter
  buffer lengths to match declaration, avoiding GCC 11 warning.
  (no functional change)

SECURITY: CVE-2021-35940 (cve.mitre.org)

Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
(This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
later 1.6.x releases, but was missing in 1.7.0.)

Bounds-check human-readable date fields (credit: Stefan Sperling)

Submitted by: jorton, niq
Reviewed by: jorton