Control: tags -1 + confirmed On Tue, 2021-08-24 at 09:25 +0200, Yadd wrote: > An out-of-bounds array read in the apr_time_exp*() functions was > fixed in the Apache Portable Runtime 1.6.3 release (CVE-2017-12613). > The fix for this issue was not carried forward to the APR 1.7.x > branch, and hence version 1.7.0 regressed compared to 1.6.3 and is > vulnerable to the same issue. >
Please go ahead. Regards, Adam
