DSA-1854-1

Name	DSA-1854-1
Source	Debian
Description	apr apr-util - arbitrary code execution
References	CVE-2009-2412
Debian/oldstable	packages apr, apr-util are fixed in oldstable-security.
Debian/stable	not vulnerable
Debian/testing	not known to be vulnerable
Debian/unstable	not known to be vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
apr (PTS)	etch	1.2.7-8.2	vulnerable
	etch (security)	1.2.7-9	fixed
	lenny, lenny (security)	1.2.12-5+lenny1	fixed
apr-util (PTS)	etch	1.2.7+dfsg-2	vulnerable
	etch (security)	1.2.7+dfsg-2+etch3	fixed
	lenny, lenny (security)	1.2.12+dfsg-8+lenny4	fixed

The next table lists affected binary packages.

Binary Package	Release	Version	Status	Architecures
libapr1, libapr1-dbg, libapr1-dev	etch	1.2.7-8.2	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	1.2.7-9	fixed	alpha, amd64, arm, i386, ia64, mips, mipsel, powerpc, s390, sparc
	lenny, lenny (security)	1.2.12-5+lenny1	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
libaprutil1, libaprutil1-dbg, libaprutil1-dev	etch	1.2.7+dfsg-2	vulnerable	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	etch (security)	1.2.7+dfsg-2+etch3	fixed	alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc
	lenny, lenny (security)	1.2.12+dfsg-8+lenny4	fixed	alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390, sparc

The information above is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
apr	source	etch	1.2.7-9	unknown
apr	source	lenny	1.2.12-5+lenny1	unknown
apr-util	source	etch	1.2.7+dfsg-2+etch3	unknown
apr-util	source	lenny	1.2.12+dfsg-8+lenny4	unknown

Home - Testing Security Team - Debian Security - Imprint