From 3c783719d09c8f1b79eb73e5ea6589fdb856aebb Mon Sep 17 00:00:00 2001
From: Joe Orton <jorton@apache.org>
Date: Mon, 16 Aug 2021 08:27:09 +0000
Subject: SECURITY: CVE-2021-35940 (cve.mitre.org)

Restore fix for CVE-2017-12613 which was missing in 1.7.x branch, though
was addressed in 1.6.x in 1.6.3 and later via r1807976.

The fix was merged back to 1.7.x in r1891198.

Since this was a regression in 1.7.0, a new CVE name has been assigned
to track this, CVE-2021-35940.

Thanks to Iveta Cesalova <icesalov redhat.com> for reporting this issue.


git-svn-id: https://svn.apache.org/repos/asf/apr/apr/branches/1.7.x@1892358 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/CHANGES b/CHANGES
index 6aac4c0d1..bce513489 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,11 @@
                                                      -*- coding: utf-8 -*-
 Changes for APR 1.7.1
 
+  *) SECURITY: CVE-2021-35940 (cve.mitre.org)
+     Restore fix for out-of-bounds array dereference in apr_time_exp*() functions.
+     (This issue was addressed as CVE-2017-12613 in APR 1.6.3 and
+     later 1.6.x releases, but was missing in 1.7.0.)  [Stefan Sperling]
+
   *) Add error handling for lseek() failures in apr_file_write() and
      apr_file_writev().  [Joe Orton]
 
-- 
cgit v1.2.1