Actually, that was in APR-util 1.6.1, see the APR release announcement and Craig's users@httpd post.
On Wed, Oct 25, 2017 at 4:02 PM, Craig Young <cyo...@tripwire.com> wrote: > I’m not sure if this is what is referred to in the Apache 2.4.29 > announcement, but please note that the Apache Portable Runtime v1.6.3 release > resolved memory safety issues I found in functions used within HTTP server. > This was released in conjunction with 2.4.29. > > Using HTTP server linked to prior versions of APR exposes the risks outlined > in my email sent to this list on Monday. > > Best Regards, > Craig > > On 10/25/17, 1:05 PM, "Development Manager" > <devmana...@speedlinesolutions.com> wrote: > > The 2.4.29 changes document doesn't reference any CVE articles, though > the announcement indicates that this is a security release. Are any of the > 2.4.29 changes security related? > > Thanks, > Jim > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org For additional commands, e-mail: users-h...@httpd.apache.org