var-200908-0708
Vulnerability from variot

Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and 'APR-util' are prone to multiple integer-overflow vulnerabilities. Attackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions.

This update provides fixes for these vulnerabilities.


References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412


Updated Packages:

Mandriva Linux 2008.1: bd5757bce0a8299edcf7dcc3e2980964 2008.1/i586/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.i586.rpm 50ba5cc45e1f72e8219addc0df369ca4 2008.1/i586/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.i586.rpm 1cb0f643e4084741afefb8d25d975062 2008.1/i586/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.i586.rpm 23990e6d23f02addecd2d3dcd7d68baf 2008.1/i586/libapr1-1.2.12-3.1mdv2008.1.i586.rpm 002cebd9b1e101cc487490fb5e1de4b9 2008.1/i586/libapr-devel-1.2.12-3.1mdv2008.1.i586.rpm 178584e4fee60428188b4f8be39e8b22 2008.1/i586/libapr-util1-1.2.12-4.2mdv2008.1.i586.rpm d718e18960ee01edbfc9cf99cb335604 2008.1/i586/libapr-util-devel-1.2.12-4.2mdv2008.1.i586.rpm bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm

Mandriva Linux 2008.1/X86_64: 6a9a81c520c8e30b5f8fbbe54d185dff 2008.1/x86_64/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.x86_64.rpm cc9d7917d41f5ca317d2942c2d14c859 2008.1/x86_64/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.x86_64.rpm 016e48025c0fec50db868ba23d20140e 2008.1/x86_64/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.x86_64.rpm 6ee3859a30eab3399275b29356df5727 2008.1/x86_64/lib64apr1-1.2.12-3.1mdv2008.1.x86_64.rpm 766f74618ab9532eef5ab40f94112579 2008.1/x86_64/lib64apr-devel-1.2.12-3.1mdv2008.1.x86_64.rpm 6e57aa1381b9af730eec5f313f8d5d79 2008.1/x86_64/lib64apr-util1-1.2.12-4.2mdv2008.1.x86_64.rpm 6fda7ebf5640ad5ad9ba0d2d1169dbc9 2008.1/x86_64/lib64apr-util-devel-1.2.12-4.2mdv2008.1.x86_64.rpm bf792d204211369b8c63051f1360fd97 2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm dcbd01ea287e6d8efc276dfa074c3930 2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm

Mandriva Linux 2009.0: 89786c5904cee8d22c5140528d412a1c 2009.0/i586/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.i586.rpm 19df90719d15def384b7aec1efc5dcd8 2009.0/i586/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.i586.rpm e164acf4668fd239f2801698e3dc9aa4 2009.0/i586/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.i586.rpm 70f55ca514ef15778001082f3c51a9fd 2009.0/i586/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.i586.rpm 85135d9490be22fc56a897cf9d5fba7e 2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.i586.rpm 424d3a8896bc70503a69dc8c4d9882a9 2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.i586.rpm 586edd704499f119527638f0f1913614 2009.0/i586/libapr1-1.3.3-2.1mdv2009.0.i586.rpm f5065323fca63075434ce1eb850e3c01 2009.0/i586/libapr-devel-1.3.3-2.1mdv2009.0.i586.rpm 4aba7262b561a1d67187c799cd06a138 2009.0/i586/libapr-util1-1.3.4-2.2mdv2009.0.i586.rpm a125fa8529bd8dd79ada83747c23f9d4 2009.0/i586/libapr-util-devel-1.3.4-2.2mdv2009.0.i586.rpm 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm

Mandriva Linux 2009.0/X86_64: 667ffab851dd6babd31700a5d9c113a7 2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.x86_64.rpm 08089224bb9da997752624d85c229251 2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.x86_64.rpm 7ce1a16bc3e35fc4a3dcb8a1e148c05b 2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.x86_64.rpm 075dbc136d3110952d54f9a85761c1b6 2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.x86_64.rpm 90edf3ec758ed79a7973a36141ddc295 2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.x86_64.rpm f15ee7ff2b203c436eab2d7e4c118a1d 2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.x86_64.rpm 2b0529a353e38a0eda5f8d08ecf95554 2009.0/x86_64/lib64apr1-1.3.3-2.1mdv2009.0.x86_64.rpm 524773745dfeb06cd86e7149723c6cbe 2009.0/x86_64/lib64apr-devel-1.3.3-2.1mdv2009.0.x86_64.rpm 3e7bc1d3e713ba5893c34215ee93f932 2009.0/x86_64/lib64apr-util1-1.3.4-2.2mdv2009.0.x86_64.rpm 44be6021b3db277a5993f488b02074db 2009.0/x86_64/lib64apr-util-devel-1.3.4-2.2mdv2009.0.x86_64.rpm 23e454eea7e368502047b85976d1ef88 2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm 162271ed051fa5de81a973e5adc487dc 2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm

Mandriva Linux 2009.1: 0b3427fcb40fcd8e068eb81e8de67685 2009.1/i586/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.i586.rpm 77e215797fc02c290e59ce072a36fffc 2009.1/i586/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.i586.rpm 05d1106df36459a7a40ecb11d5560c61 2009.1/i586/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.i586.rpm 97adcfda40750873588942a9ab0e5e3c 2009.1/i586/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.i586.rpm 1b9379f8d6ec49908d43d4228ecbee66 2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.i586.rpm a5e5bb25d2e370e22f274482afe74fd8 2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.i586.rpm 1f907eab0d93dd413086f0943988284c 2009.1/i586/libapr1-1.3.3-5.1mdv2009.1.i586.rpm a6992c671c7352c2965f46abced93b8a 2009.1/i586/libapr-devel-1.3.3-5.1mdv2009.1.i586.rpm e748ca10352eaa46ef2514ce8718674b 2009.1/i586/libapr-util1-1.3.4-9.2mdv2009.1.i586.rpm 73afb8eabe81ae8be63f1ba9d8fc3bf2 2009.1/i586/libapr-util-devel-1.3.4-9.2mdv2009.1.i586.rpm 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm

Mandriva Linux 2009.1/X86_64: f0b10ee44c9092605ad1137a46e4955c 2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.x86_64.rpm 98247a74314a56b6f4097a9943e236c0 2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.x86_64.rpm 2e0d895eb1b93c2518436ab4c678da23 2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.x86_64.rpm 8269586d2608f6e79eff11de7bda333e 2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.x86_64.rpm 489b31861a5fabd272348ca224e4d9b4 2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.x86_64.rpm b1164ff6f2e06bfcada083e9d11c1595 2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.x86_64.rpm 257e2b240479fb7c472efa7de7ee11c8 2009.1/x86_64/lib64apr1-1.3.3-5.1mdv2009.1.x86_64.rpm 222f5f44d9600dcf593923ea6422d47e 2009.1/x86_64/lib64apr-devel-1.3.3-5.1mdv2009.1.x86_64.rpm 99ef537b486eccad55d8f0d79f37abbd 2009.1/x86_64/lib64apr-util1-1.3.4-9.2mdv2009.1.x86_64.rpm 9d9e0933f57289530059e5a9b3e42e1c 2009.1/x86_64/lib64apr-util-devel-1.3.4-9.2mdv2009.1.x86_64.rpm 1a1706c01c2668a058a54c06d6e5aac6 2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm 241d8b7b1261089d299f9b8463f391a7 2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm

Corporate 3.0: 39d0747e39f45148c8540e76a272f219 corporate/3.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm 9c7677568ec7e3fab84ed224af029d6a corporate/3.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm 9f60f68aa326aaaa02cb6e9346ac0b7b corporate/3.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm a9051117cf2a34ed7cf9066e31d1767f corporate/3.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm ddc2cafb1a02ee501e5127a8731ea942 corporate/3.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm f3bbd229b347489f40b81419214c42bd corporate/3.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm cd19b116ef93c07f78efbe4393d2e3be corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm 5a2da72b9255a8c35f0ed877899f90eb corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm e940b8e3b2da880bca84ebc9f528b2e6 corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm 5d713bee1985cc49c585b4289ee76f1e corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm f293fbf344f6fc55e92170518a710149 corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm f4c48499cb6968a12a5250e3464a2b30 corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm 997ea437e49903a014de32e61573de7a corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm fe5f16a62fc94177286445e9830cb6a6 corporate/3.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm 4eb89be3edc9f7dd0511e22d64baefe2 corporate/3.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm 64be98dcd021367f603e972cc40d6710 corporate/3.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm

Corporate 3.0/X86_64: c84b780216da90735018f37b8d606ad9 corporate/3.0/x86_64/apache2-2.0.48-6.22.C30mdk.x86_64.rpm 079ef7c187ea63bdfdb7b2f8e0c7ed85 corporate/3.0/x86_64/apache2-common-2.0.48-6.22.C30mdk.x86_64.rpm 78d8764d894dcf4821e3014b3bf0a1c2 corporate/3.0/x86_64/apache2-devel-2.0.48-6.22.C30mdk.x86_64.rpm e938351292eaf95bad5937066e071f6e corporate/3.0/x86_64/apache2-manual-2.0.48-6.22.C30mdk.x86_64.rpm b7b0c47891c1da19b9bfedd5eaeb5a12 corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.22.C30mdk.x86_64.rpm 14603191e70ea26450ad9f5254f1eff8 corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.22.C30mdk.x86_64.rpm f49c1f32bfa9b325836e28f7078d3897 corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.22.C30mdk.x86_64.rpm 0d8058c7d57105b18e97579817872d95 corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.x86_64.rpm 09b7bdc4907e672ee9b83a9f0ed2fb13 corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.22.C30mdk.x86_64.rpm 90a9565c923530b22f4141d2a186972b corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.22.C30mdk.x86_64.rpm 0f244810519460074938138d87a11997 corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.x86_64.rpm 0836106477de3d26f4c31a595c996cdc corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.22.C30mdk.x86_64.rpm 353d05dfc30072a39f3597c39454f331 corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.22.C30mdk.x86_64.rpm 1234e8bf94a4ddf65cf225aaf4367937 corporate/3.0/x86_64/apache2-modules-2.0.48-6.22.C30mdk.x86_64.rpm fbb25973021e327262cc152fd46996cc corporate/3.0/x86_64/apache2-source-2.0.48-6.22.C30mdk.x86_64.rpm 0520ca7c45963a2e2e26d8e3b5f63c41 corporate/3.0/x86_64/lib64apr0-2.0.48-6.22.C30mdk.x86_64.rpm 5c5a7cb9305c8b0d469fc424931ae215 corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm

Corporate 4.0: 59bb8b01944e22319fcd4a0202bdffd9 corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.i586.rpm 75fc1a2cbde6e0426f3f59cfd099b3b1 corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.i586.rpm 73cbae192430eca396ba79f548437cc1 corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.i586.rpm 09726634b12dc2afc37d292853cfb28c corporate/4.0/i586/libapr1-1.2.7-1.1.20060mlcs4.i586.rpm cbfbe3652be9a6986f5f672034b84dc0 corporate/4.0/i586/libapr1-devel-1.2.7-1.1.20060mlcs4.i586.rpm 0733be6b968d4cbcce3494afe962ea12 corporate/4.0/i586/libapr-util1-1.2.7-6.2.20060mlcs4.i586.rpm 725117e7948c43a6fb72f51966d6dd79 corporate/4.0/i586/libapr-util1-devel-1.2.7-6.2.20060mlcs4.i586.rpm 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm

Corporate 4.0/X86_64: 09e54e8fb5df6737dc1b00440d31d5c7 corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.x86_64.rpm 766214b9f0df47776db7bea60f97298f corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.x86_64.rpm 22cb8925b104be9d571cf592a29064c3 corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.x86_64.rpm 0fb8d44ea77b337e4026e72ed4000bf8 corporate/4.0/x86_64/lib64apr1-1.2.7-1.1.20060mlcs4.x86_64.rpm ba0345c32bfe4376621334e36a62a1c0 corporate/4.0/x86_64/lib64apr1-devel-1.2.7-1.1.20060mlcs4.x86_64.rpm cbd9beef22028ade9ecf3d172c710ff1 corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.2.20060mlcs4.x86_64.rpm 5247ff1b281c9fa95ad547996f3bbb17 corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.2.20060mlcs4.x86_64.rpm 4003af7f60b2b13d6f77a05ebe9dfb22 corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm e74d2bc186c01528afbbf64f7491f221 corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm

Mandriva Enterprise Server 5: fe7bd17a4b8499027179f5f421fce92d mes5/i586/libapr1-1.3.3-2.1mdvmes5.i586.rpm ce82a19e9423f69bc380fc32e0e96a9d mes5/i586/libapr-devel-1.3.3-2.1mdvmes5.i586.rpm 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm

Mandriva Enterprise Server 5/X86_64: 744cad17495d753e07fed748ccab4c46 mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdvmes5.x86_64.rpm 4c70155fb19f486a19f048455e41e480 mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdvmes5.x86_64.rpm 278c7292a0432e0d6760639667ec6858 mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdvmes5.x86_64.rpm 0358fea0177405ccd625304c83715992 mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdvmes5.x86_64.rpm a549b591b27f810ba898e75030f61398 mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdvmes5.x86_64.rpm fb02a789f8ec6081f01df92768cda441 mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdvmes5.x86_64.rpm 4dbc88f0779d110f589ee60d7708e1e0 mes5/x86_64/lib64apr1-1.3.3-2.1mdvmes5.x86_64.rpm d591c7684cfd0d6a9a5ae749a3120f58 mes5/x86_64/lib64apr-devel-1.3.3-2.1mdvmes5.x86_64.rpm 6b946eebc0ff697faad4364beae260f8 mes5/x86_64/lib64apr-util1-1.3.4-2.2mdvmes5.x86_64.rpm 5c1f8dd8c2fcb0eb68bd1e24a25d1e22 mes5/x86_64/lib64apr-util-devel-1.3.4-2.2mdvmes5.x86_64.rpm 01004428f12cd78529ac43a546976121 mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm

Multi Network Firewall 2.0: 39d0747e39f45148c8540e76a272f219 mnf/2.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm 9c7677568ec7e3fab84ed224af029d6a mnf/2.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm 9f60f68aa326aaaa02cb6e9346ac0b7b mnf/2.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm a9051117cf2a34ed7cf9066e31d1767f mnf/2.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm ddc2cafb1a02ee501e5127a8731ea942 mnf/2.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm f3bbd229b347489f40b81419214c42bd mnf/2.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm cd19b116ef93c07f78efbe4393d2e3be mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm 5a2da72b9255a8c35f0ed877899f90eb mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm e940b8e3b2da880bca84ebc9f528b2e6 mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm 5d713bee1985cc49c585b4289ee76f1e mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm f293fbf344f6fc55e92170518a710149 mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm f4c48499cb6968a12a5250e3464a2b30 mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm 997ea437e49903a014de32e61573de7a mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm fe5f16a62fc94177286445e9830cb6a6 mnf/2.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm 4eb89be3edc9f7dd0511e22d64baefe2 mnf/2.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm 64be98dcd021367f603e972cc40d6710 mnf/2.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm 5c5a7cb9305c8b0d469fc424931ae215 mnf/2.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm


To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com


Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFKesC1mqjQ0CJFipgRAvjJAJ9/hkPV+kb4tO2KHfjb2m+3nV+9+gCfQHvt uej6FdYjm8TitsZAK4BFOis= =IDO9 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


Debian Security Advisory DSA-1854-1 security@debian.org http://www.debian.org/security/ Florian Weimer August 08, 2009 http://www.debian.org/security/faq


Package : apr, apr-util Vulnerability : heap buffer overflow Debian-specific: no CVE Id(s) : CVE-2009-2412

Matt Lewis discovered that the memory management code in the Apache Portable Runtime (APR) library does not guard against a wrap-around during size computations. This could cause the library to return a memory area which smaller than requested, resulting a heap overflow and possibly arbitrary code execution.

For the old stable distribution (etch), this problem has been fixed in version 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of the apr-util package.

For the stable distribution (lenny), this problem has been fixed in version 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1 of the apr-util package.

For the unstable distribution (sid), this problem will be fixed soon.

Upgrade instructions


wget url will fetch the file for you dpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update will update the internal database apt-get upgrade will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch


Source archives:

http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz Size/MD5 checksum: 643328 a3117be657f99e92316be40add59b9ff http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc Size/MD5 checksum: 1036 9dc256c005a7f544c4d5c410b226fb74 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz Size/MD5 checksum: 26613 021ef3aa5b3a9fc021779a0b6a6a4ec9 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz Size/MD5 checksum: 21651 e090ebfd7174c90bae4e4935a3d3db15 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz Size/MD5 checksum: 1102370 aea926cbe588f844ad9e317157d60175 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc Size/MD5 checksum: 856 89662625fd7a34ceb514087de869d918

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb Size/MD5 checksum: 121726 df1e2d6e8bf9ed485ad417fe274eb0e3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 83690 b5873275f420b15f9868ea0dde699c60 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb Size/MD5 checksum: 371668 4e8bd42151f3cdf8cee91c49599aab42 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 129158 5074639b4b0d9877ff29b96540fdfaec http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb Size/MD5 checksum: 185420 ddf84849ff3bee792dc187c6d21958bd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb Size/MD5 checksum: 148140 079cff06535a7e3f4e9a5d682d80bb1b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 72946 6b11e4b65bdf67981a091177d9644007 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 126156 b420f555d02504e0497a0ba3c27e0cac http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb Size/MD5 checksum: 127742 1606857f3291ccb10e038219f1f2eab3 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb Size/MD5 checksum: 187302 bb1a4aa5768fa012201ad1e72bc27e93 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb Size/MD5 checksum: 348120 b5d6b4e7c628dffe867159b54b6c82f1 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb Size/MD5 checksum: 111664 6b51dc29ea4defa975902d246188086f

arm architecture (ARM)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 121504 3ba789c274f2ed7030aa286ea57dbb3d http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb Size/MD5 checksum: 175146 86ff258e9181fa424cb043dc22e2c0e0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 117302 97d701c8f9d6746eb14448bfde8e8588 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb Size/MD5 checksum: 104934 45a976662beb7ec3b15ee7c7a45f3de7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb Size/MD5 checksum: 66110 09c54142359236f50654bd9c7b375781 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb Size/MD5 checksum: 335520 14d06ecfb54247718b780c893df8f4cc

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 126186 9494353aa42e983a245af2890dd2c6d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 78668 60c87b0e86c1ed31deecddd88cdf5fa5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb Size/MD5 checksum: 133918 ae993c733053a326603c5b750505bee9

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 116052 6238f10eb5077bb53b9664b82b985c40 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb Size/MD5 checksum: 338694 262cec472ec3aaeb1b4d38eebaa940c8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 68854 78ab4f6425153d8b746b99842994d555 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb Size/MD5 checksum: 109138 4aa254cacd4e95785ae823cedb1cce2f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb Size/MD5 checksum: 122136 4a16475bb5780625902c79069681ae74 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb Size/MD5 checksum: 180654 481471d06045a2e348b55de6dbdf5f94

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 156562 52761fff3e82e21728e0c6a79bf4508f http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 99446 3ad58d882e434e39be525e7aa41d9e93 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb Size/MD5 checksum: 141894 5b7351a6b4c3765e3d76b9d22e04cf0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb Size/MD5 checksum: 118716 8c73712293cd4d9a5935aefd18a3e4c9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb Size/MD5 checksum: 171514 f474001e4f852a44af517b5d6f737a65 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb Size/MD5 checksum: 385514 76d0bbda16c749f6a5b40fd6297a180a

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb Size/MD5 checksum: 188816 de1ecb467042d2c1891cc1d2f5db83d9 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130394 fc34d9b137c080b63374d809c1d6bf8b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 130492 4d7cdffabbef214eeea0c02a346d0eb8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb Size/MD5 checksum: 70776 6fe66f5cb81c2a3af2fa0cd64a85cfd8 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb Size/MD5 checksum: 357368 aab08f1596aead97cc48924ebf99c80e http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb Size/MD5 checksum: 112644 9c6d720999259453daaa13e8ec3c8336

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb Size/MD5 checksum: 186464 5b2392a143ff8a173a771b819377ab47 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 128052 02e3c278190e92d7131c275aab5f5c44 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb Size/MD5 checksum: 358010 480087a77642a8ff99a32bb323b62600 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 130712 50da703a75deb2ba87d4be171e80bd5b http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb Size/MD5 checksum: 113352 d363370bcba834268202db5271b20aa3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb Size/MD5 checksum: 70794 1f57c4362c286bd0d2df40d775690612

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 125106 92d5d46effd18aaa8e849254d9da8acd http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb Size/MD5 checksum: 348504 2f4f96652c28e3f5f1cfae8e5265ec83 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 130380 dacdce767bcff6b0ecbe66add6838e8b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb Size/MD5 checksum: 189780 ae1e23e3080fbfe3ba26b8acf9561d6c http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb Size/MD5 checksum: 113956 1e2ba4da9ee0775325b351887c182f52 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb Size/MD5 checksum: 72472 3a47c9eca3ec7b6f4e87609b3aca7f65

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 124802 cdd46922b57a51fedb25ae401d8dc753 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb Size/MD5 checksum: 121978 71edc1d101933b1a43a9c395427a4aed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 128570 f0f7d5dfecb61c6212e0803a325e8a01 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb Size/MD5 checksum: 186320 cca313c55848e6161810ff16fb71390f http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb Size/MD5 checksum: 349848 b9cbaa0a70b9bfa28d74ac4a6e107428 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb Size/MD5 checksum: 76668 f6b5e093ae1c3c5d4442e223115052de

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb Size/MD5 checksum: 338056 ab06437e18c1cc36dab35779cc4102d8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb Size/MD5 checksum: 103200 1c6f94d15f4e3052e9ed80fc232f96b5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117840 5f0671d301a9e2ea8020d0dcaa71a42b http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 66374 668815a44c99c366ae8e3f624613932e http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb Size/MD5 checksum: 167962 f338f71eeb38be58c67d1ac0fd92d1ff http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb Size/MD5 checksum: 117510 63dd9c471f24472eb46a5fd9dcb92077

Debian GNU/Linux 5.0 alias lenny


Source archives:

http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz Size/MD5 checksum: 1127522 020ea947446dca2d1210c099c7a4c837 http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz Size/MD5 checksum: 12398 b407ff7dac7363278f4f060e121aa611 http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz Size/MD5 checksum: 658687 4ef3e41037fe0cdd3a0d107335a008eb http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc Size/MD5 checksum: 1530 dccceaa89d58074be3b7b7738a99756b http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz Size/MD5 checksum: 23138 a2222477de9ad92015416542a2c250ed http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc Size/MD5 checksum: 1284 4330306f892fd7c0950b1ccf2537b38d

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 806236 3689d5ee779d3846fe67c9dad2f213dc http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 53204 92bb2e8a7c48e6f8437680e08607a3f7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 147658 edba141e93c382fbf0ab2bbec1dba899 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 158060 b80ad32790c6c8d89f0007a69d9ce0b8 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb Size/MD5 checksum: 90740 c715b55d060a2d4e8d7684477d0b9014 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb Size/MD5 checksum: 121774 565a4fdd123d04698907456e40d4df0b

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 54232 3f23cc38f68bbf926b801b82b3fea917 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 80046 f6158018f26ddd6369687b8f9f64aa75 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 114326 851cc08504589c09f08ec9e6efa52ef1 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 147928 136a5a5c0d558d8f252d1ed44efed217 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb Size/MD5 checksum: 133850 6b71ac477650c688863ef33fc58216a0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb Size/MD5 checksum: 825740 bf80dbc726c5b691b023e96e463ba88c

arm architecture (ARM)

http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 818438 8e6c8a9964650a793e4a0e5ec51a8619 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 54912 a853d8175d2bee56c6f37aada02fc2ca http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb Size/MD5 checksum: 107790 85e0815ff8f340d99052a9c9f604cccd http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 71112 20a4c9fd130c188166c0ebc6ceff5fcf http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 138982 c84f95cff9713ed403fae7b712456ade http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb Size/MD5 checksum: 124090 c4fc3663255a416725a69818e3523731

armel architecture (ARM EABI)

http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 109676 e26ebffcc101ffc87963c9a65b3543f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 124626 4c34337eb3d1d55900a067f2c8412abc http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 821990 19c68f5f904bb3bbdfd44349f8544e83 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb Size/MD5 checksum: 55820 f39b0928bc4b91fb60bd6259c6ae6e02 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 70086 1d3032e0879ed1ea6fa2f04c34af1782 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb Size/MD5 checksum: 139434 e802e42577998c62fadfc335edb3b81a

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 83668 3c8893214d7375303eaf1eec6e27212b http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 827762 2fd0d8dd54c92c828e42100bb8816b00 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 142916 14e1e2f8fa50b0eb1772f1e4bbc26e50 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb Size/MD5 checksum: 140872 7fef63f2cd282e44c51b5e69d94d8706 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 113954 926b8c39fee1787a94b3d6cc1c6d420b http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb Size/MD5 checksum: 54332 18751dc2275828a126b2dbe568678f32

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 73814 2ef03972ed5b2232fe5782c4960bc362 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 54582 edc98ca59cebd14195602929def1da31 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 141438 5a54e1cac30640ca5e9922586d9983a8 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 108882 075f37cd43e483d27ff0b94ad01f2d08 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb Size/MD5 checksum: 121138 fc2411e049936d12702713c82377c9e5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb Size/MD5 checksum: 809460 a5648e0404f1cb4244c156cf85bfe0f5

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 135404 8f7a4964b22e5e9e5297380c15d8818d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 170110 412b51e1e3c1ed4e309459dd17844e68 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 154362 2fc1441f28ef4f90446464627c8ef36d http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 837496 6862607faf59e42525f5205d8a967818 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb Size/MD5 checksum: 111140 12f0bf9e6264cc9c170c2b8365428cc0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb Size/MD5 checksum: 53428 a6a55d644fb58a0f7ea6a9b509cb71d0

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 110932 feb666e4f402bcb1954bc194c37496d7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 147482 e2508cc75520518ccbe4c3a5cf0cc50c http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 56582 5134a012017e629239cc543fedf4edf3 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 74584 2fbb1b76079126fd701f32e45a9cf7f0 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb Size/MD5 checksum: 792650 126585d9fe0def77f7632f9d098eb11d http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb Size/MD5 checksum: 136438 ae62dc1d5a32fac11615f4b67cfa4a6b

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 56414 ecca7e3643ccb91fc962b886bdddbc0e http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 136390 d45f956c14ea9fe22b77bce3810c32b7 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 144740 05411f88615592531468cdd89bb4b5d0 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb Size/MD5 checksum: 74366 a15e15331a62f33d33481b7e53f07b48 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 792762 dc1e4748e106c82e9f8bf6c3ecce4a38 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb Size/MD5 checksum: 110974 a5dd28b5c9b3106da8e4c81abea6777d

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 82512 f8a18fb94a4ef3cabec01c288a26eef5 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 55708 555d64273f15c6ebd503b7cb84f0fb29 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 132338 66e77820b5b9d2a05d6df5c4ec2c76b0 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 116238 1a291989c32ea21ac8eef9ca51831fc5 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb Size/MD5 checksum: 147180 cc9f274b349dbbb9ce9b69b0d0edf493 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb Size/MD5 checksum: 821948 fc3acf3dec16223caf6f932e8b7c0c01

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 126058 474bddd0f3c5a69cc21fc2d403fe90f6 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 148614 89cc7bb2619f28e5e6e9d0042050a924 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 133044 fb35625937e6fae551d97df283a32dd9 http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 787872 2dc32425bfbd17b841218064599d80ed http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb Size/MD5 checksum: 85496 c41f2fdebd22ec066815211768dcdc3a http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb Size/MD5 checksum: 54414 c36fa2538d8077a8ef09842e07bd989a

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 814624 613a70f3443404f5939e91e229d01d25 http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 54370 4c12839718c73a2b96b607d77fcbc583 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 131706 5c2ad3da38aaaab8ac2c14656602c532 http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb Size/MD5 checksum: 108712 c1f66be9c2daa447d5bfbd1f7639aada http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 72738 ec558ed4277ca676f07e3181ffad0335 http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb Size/MD5 checksum: 124976 22385c13d934c3877ce2f9eeaa4584e3

These files will probably be moved into the stable distribution on its next update.


For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org Package info: `apt-cache show ' and http://packages.debian.org/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJKfcqtAAoJEL97/wQC1SS+6T4IAJxpIZ7AUOwmDtuOk/WQzlzv U1nz6YhC9nhf/QdjbmAe0+ClaGwP5FZOacfEK6t64DBJ/81qgLtHlh6hlbm2+9wD vIddGlXmdKjEcHXVbt5rwEoc9pk6ma954Fziu2yUVxhP40SBLWlfEQ5w1LxjNHAI UKokX2+4C3Lk+6hJd8AqnvyfqP8h990HzFqT11hh8OlKVrvHmAiZWbSMmLvkKsPf F5mNDGVKluNfpAhwo6eLN2ayRDEKAeuejF2jQtb/MXQN3kJpPri2JhalhMra371l RmpmVNUOtKKJz/3gHSLjQNh6D5G4kj/I9RcHFA68Pv14kXh0xgtQlKGGLaPo/3M= =704P -----END PGP SIGNATURE----- . Subversion clients and servers, versions 1.6.0 - 1.6.3 and all versions < 1.5.7, are vulnerable to several heap overflow problems which may lead to remote code execution. The official advisory (mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt) follows:

Subversion clients and servers up to 1.6.3 (inclusive) have heap overflow issues in the parsing of binary deltas.

Summary:

Subversion clients and servers have multiple heap overflow issues in the parsing of binary deltas. This is related to an allocation vulnerability in the APR library used by Subversion.

Clients with commit access to a vulnerable server can cause a remote heap overflow; servers can cause a heap overflow on vulnerable clients that try to do a checkout or update.

This can lead to a DoS (an exploit has been tested) and to arbitrary code execution (no exploit tested, but the possibility is clear).

Known vulnerable:

Subversion clients and servers <= 1.5.6. Subversion clients and servers 1.6.0 through 1.6.3 (inclusive).

Known fixed:

Subversion 1.6.4 Subversion 1.5.7

(Search for "Patch" below to see the patches from 1.6.3 -> 1.6.4 and 1.5.6 -> 1.5.7. Search for "Recommendations" to get URLs for the 1.6.4 release and associated APR library patch.)

Details:

The libsvn_delta library does not contain sufficient input validation of svndiff streams. If a stream with large windows is processed, one of several integer overflows may lead to some boundary checks incorrectly passing, which in turn can lead to a heap overflow.

Severity:

A remote attacker with commit access to repository may be able to execute code on a Subversion server. A malicious server may be able to execute code on a Subversion client.

Recommendations:

We recommend all users to upgrade to Subversion 1.6.4.

We recommend all users to upgrade to the latest versions of APR and APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR installation from http://www.apache.org/dist/apr/patches/.

New Subversion packages can be found at: http://subversion.tigris.org/project_packages.html

References:

CVE-2009-2411 (Subversion) CVE-2009-2412 (APR)

Reported by:

Matt Lewis, Google.

Patches:

This patch applies to Subversion 1.6.x (apply with patch -p0 < patchfile):

[[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38519) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -60,10 +60,23 @@ struct encoder_baton { apr_pool_t *pool; };

+/ This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/ This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN)

/* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN.

This encoding uses the high bit of each byte as a continuation bit
and the other seven bits as data bits.  High-order data bits are

@@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val) svn_filesize_t v; unsigned char cont;

  • assert(val >= 0);
  • SVN_ERR_ASSERT_NO_RETURN(val >= 0);

/ Figure out how many bytes we'll need. / v = val >> 7; @@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val) n++; }

  • SVN_ERR_ASSERT_NO_RETURN(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -112,7 +127,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) {
  • char buf[128], *p;
  • char buf[MAX_ENCODED_INT_LEN], *p;

p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t *op; apr_size_t len;

@@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -365,6 +382,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -382,7 +401,7 @@ decode_size(apr_size_t val, data is not compressed. /

static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -390,6 +409,13 @@ static svn_error_t * / First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: " + "size too large")); / We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -487,10 +513,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, ("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - ("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -499,7 +525,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi

   instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);
   instout = svn_stringbuf_create("", pool);
  • SVN_ERR(zlib_decode(instin, instout));
  • SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));

    ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));

    newlen = ndout->len; data = (unsigned char )instout->data; @@ -685,6 +712,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR;

  • if (tview_len > SVN_DELTA_WINDOW_SIZE ||

  • sview_len > SVN_DELTA_WINDOW_SIZE ||
  • / for svndiff1, newlen includes the original length /
  • newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
  • inslen > MAX_INSTRUCTION_SECTION_LEN)
  • return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
  • _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream));

  • if (*tview_len > SVN_DELTA_WINDOW_SIZE ||

  • *sview_len > SVN_DELTA_WINDOW_SIZE ||
  • / for svndiff1, newlen includes the original length /
  • *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
  • *inslen > MAX_INSTRUCTION_SECTION_LEN)
  • return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
  • _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38519) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler / Functions for applying deltas. */

/ Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -557,8 +557,11 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(buf_size) >= buf_size); buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; }

@@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len)));

/ Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool));

/ Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t window, void b char *old_sbuf = ab->sbuf;

   /* Make sure there's enough room.  */
  • size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool);
  • SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len,
  • ab->pool));

    / If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]]

This patch applies to Subversion 1.5.x:

[[[ Index: subversion/libsvn_delta/svndiff.c =================================================================== --- subversion/libsvn_delta/svndiff.c (revision 38498) +++ subversion/libsvn_delta/svndiff.c (working copy) @@ -55,10 +55,23 @@ struct encoder_baton { apr_pool_t *pool; };

+/ This is at least as big as the largest size of an integer that + encode_int can generate; it is sufficient for creating buffers for + it to write into. This assumes that integers are at most 64 bits, + and so 10 bytes (with 7 bits of information each) are sufficient to + represent them. / +#define MAX_ENCODED_INT_LEN 10 +/ This is at least as big as the largest size for a single instruction. / +#define MAX_INSTRUCTION_LEN (2MAX_ENCODED_INT_LEN+1) +/ This is at least as big as the largest possible instructions + section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE + 1-byte copy-from-source instructions (though this is very unlikely). / +#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZEMAX_INSTRUCTION_LEN)

/* Encode VAL into the buffer P using the variable-length svndiff integer format. Return the incremented value of P after the - encoded bytes have been written. + encoded bytes have been written. P must point to a buffer of size + at least MAX_ENCODED_INT_LEN.

This encoding uses the high bit of each byte as a continuation bit
and the other seven bits as data bits.  High-order data bits are

@@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val) n++; }

  • assert(n <= MAX_ENCODED_INT_LEN); + / Encode the remaining bytes; n is always the number of bytes coming after the one we're encoding. / while (--n >= 0) @@ -107,7 +122,7 @@ encode_int(char p, svn_filesize_t val) static void append_encoded_int(svn_stringbuf_t header, svn_filesize_t val) {
  • char buf[128], *p;
  • char buf[MAX_ENCODED_INT_LEN], *p;

p = encode_int(buf, val); svn_stringbuf_appendbytes(header, buf, p - buf); @@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t window, void svn_stringbuf_t i1 = svn_stringbuf_create("", pool); svn_stringbuf_t header = svn_stringbuf_create("", pool); const svn_string_t newdata; - char ibuf[128], ip; + char ibuf[MAX_INSTRUCTION_LEN], ip; const svn_txdelta_op_t *op; apr_size_t len;

@@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -360,6 +377,8 @@ decode_size(apr_size_t val, const unsigned char p, const unsigned char end) { + if (p + MAX_ENCODED_INT_LEN < end) + end = p + MAX_ENCODED_INT_LEN; / Decode bytes until we're done. / val = 0; while (p < end) @@ -377,7 +396,7 @@ decode_size(apr_size_t val, data is not compressed. /

static svn_error_t * -zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out) +zlib_decode(svn_stringbuf_t in, svn_stringbuf_t out, apr_size_t limit) { apr_size_t len; char oldplace = in->data; @@ -385,6 +404,13 @@ static svn_error_t * / First thing in the string is the original length. / in->data = (char )decode_size(&len, (unsigned char )in->data, (unsigned char )in->data+in->len); + if (in->data == NULL) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: no size")); + if (len > limit) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL, + ("Decompression of svndiff data failed: " + "size too large")); / We need to subtract the size of the encoded original length off the * still remaining input length. / in->len -= (in->data - oldplace); @@ -482,10 +508,10 @@ count_and_verify_instructions(int ninst, return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, ("Invalid diff stream: insn %d cannot be decoded"), n); - else if (op.length <= 0) + else if (op.length == 0) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, - ("Invalid diff stream: insn %d has non-positive length"), n); + _("Invalid diff stream: insn %d has length zero"), n); else if (op.length > tview_len - tpos) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, @@ -494,7 +520,8 @@ count_and_verify_instructions(int ninst, switch (op.action_code) { case svn_txdelta_source: - if (op.length > sview_len - op.offset) + if (op.length > sview_len - op.offset || + op.offset > sview_len) return svn_error_createf (SVN_ERR_SVNDIFF_INVALID_OPS, NULL, _("Invalid diff stream: " @@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi

   instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);
   instout = svn_stringbuf_create("", pool);
  • SVN_ERR(zlib_decode(instin, instout));
  • SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));

    ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool); ndout = svn_stringbuf_create("", pool); - SVN_ERR(zlib_decode(ndin, ndout)); + SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));

    newlen = ndout->len; data = (unsigned char )instout->data; @@ -680,6 +707,14 @@ write_handler(void baton, if (p == NULL) return SVN_NO_ERROR;

  • if (tview_len > SVN_DELTA_WINDOW_SIZE ||

  • sview_len > SVN_DELTA_WINDOW_SIZE ||
  • / for svndiff1, newlen includes the original length /
  • newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
  • inslen > MAX_INSTRUCTION_SECTION_LEN)
  • return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
  • _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len @@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files SVN_ERR(read_one_size(inslen, stream)); SVN_ERR(read_one_size(newlen, stream));

  • if (*tview_len > SVN_DELTA_WINDOW_SIZE ||

  • *sview_len > SVN_DELTA_WINDOW_SIZE ||
  • / for svndiff1, newlen includes the original length /
  • *newlen > SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||
  • *inslen > MAX_INSTRUCTION_SECTION_LEN)
  • return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,
  • _("Svndiff contains a too-large window")); + / Check for integer overflow. / if (sview_offset < 0 || inslen + newlen < inslen || sview_len + tview_len < sview_len Index: subversion/libsvn_delta/text_delta.c =================================================================== --- subversion/libsvn_delta/text_delta.c (revision 38498) +++ subversion/libsvn_delta/text_delta.c (working copy) @@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler / Functions for applying deltas. */

/ Ensure that BUF has enough space for VIEW_LEN bytes. / -static APR_INLINE void +static APR_INLINE svn_error_t * size_buffer(char buf, apr_size_t buf_size, apr_size_t view_len, apr_pool_t pool) { @@ -507,8 +507,13 @@ size_buffer(char buf, apr_size_t buf_size, buf_size = 2; if (buf_size < view_len) buf_size = view_len; + if (APR_ALIGN_DEFAULT(buf_size) < buf_size) + return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL, + "Diff stream resulted in invalid buffer size."); buf = apr_palloc(pool, *buf_size); } + + return SVN_NO_ERROR; }

@@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t window, void b >= ab->sbuf_offset + ab->sbuf_len)));

/ Make sure there's enough room in the target buffer. / - size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool); + SVN_ERR(size_buffer(&ab->tbuf, &ab->tbuf_size, window->tview_len, ab->pool));

/ Prepare the source buffer for reading from the input stream. / if (window->sview_offset != ab->sbuf_offset @@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t window, void b char *old_sbuf = ab->sbuf;

   /* Make sure there's enough room.  */
  • size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len, ab->pool);
  • SVN_ERR(size_buffer(&ab->sbuf, &ab->sbuf_size, window->sview_len,
  • ab->pool));

    / If the existing view overlaps with the new view, copy the * overlap to the beginning of the new buffer. / ]]] . The Apache Portable Runtime Utility Library (aka APR-Util) provides an interface to functionality such as XML parsing, string matching and databases connections.

Affected packages

-------------------------------------------------------------------
 Package            /  Vulnerable  /                    Unaffected
-------------------------------------------------------------------

1 dev-libs/apr < 1.3.8 >= 1.3.8 2 dev-libs/apr-util < 1.3.9 >= 1.3.9 ------------------------------------------------------------------- 2 affected packages on all of their supported architectures. -------------------------------------------------------------------

Description

Matt Lewis reported multiple Integer overflows in the apr_rmm_malloc(), apr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of APR-Util and in memory/unix/apr_pools.c of APR, both occurring when aligning memory blocks.

Impact

A remote attacker could entice a user to connect to a malicious server with software that uses the APR or act as a malicious client to a server that uses the APR (such as Subversion or Apache servers), possibly resulting in the execution of arbitrary code with the privileges of the user running the application.

Workaround

There is no known workaround at this time.

Resolution

All Apache Portable Runtime users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8

All APR Utility Library users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9

References

[ 1 ] CVE-2009-2412 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200909-03.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

Copyright 2009 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . =========================================================== Ubuntu Security Notice USN-813-2 August 08, 2009 apache2 vulnerability CVE-2009-2412 ===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS

This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the following package versions:

Ubuntu 6.06 LTS: libapr0 2.0.55-4ubuntu2.7

After a standard system upgrade you need to restart any applications using apr, such as Subversion and Apache, to effect the necessary changes.

Details follow:

USN-813-1 fixed vulnerabilities in apr. This update provides the corresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS.

Updated packages for Ubuntu 6.06 LTS:

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz
  Size/MD5:   126010 68da83341313e1b166fe345138d1eaa5
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc
  Size/MD5:     1156 0b17c48d0880ab82c769c41d1aff7002
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz
  Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb
  Size/MD5:  2125530 9356b79c2b1591ffec1a6cd1974f82fd

amd64 architecture (Athlon64, Opteron, EM64T Xeon):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   833902 08b8aaf66aa52e6fd9dbed1647bb5dd2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   229124 400d32297652e4976456cb7b367cc435
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   224122 07be7749fd618703c9f093efeb5e6fad
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   228700 9c79315063121eb7017cd99c6bb4667c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   172244 e15a994901f09e6e8294d656b8a8254c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   173028 985f0a987b0e5e17b24fdd6f8475781a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:    95066 2b836251f30a5c3d0cb24c2775a9b997
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:    37096 2756f162320b3b183c7447dad130cff9
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   286664 f46d70c05cba04ceaba7d62afe5ac5be
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb
  Size/MD5:   145234 e1c285b96d1ee5e8a66d01eadcc289c6

i386 architecture (x86 compatible Intel/AMD):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   787150 ab3e75481087dc0148ca3ccc450a1ab1
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   203722 e10938af36f0e1802fbd3b0946ae6e3c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   199634 7ee8d5ba9679c8c7dd78c95b5fb74046
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   203146 5456087e20afd24d2a27d648fafeb135
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   172228 98a58d9526a667a05573e9b26fcfd45b
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   173020 1db636c0e79b0ea3c405da958c35c932
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:    92998 737aee7a7026d4d9b33a0f71b44e0b19
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:    37098 15db8827569af434025942a84e77b381
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   262652 93f2171d69072153264cab51860f781c
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb
  Size/MD5:   133118 cac6f1c804a1e34bf4250be4d8670862

powerpc architecture (Apple Macintosh G3/G4/G5):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   859954 558399d0c5fb22cee0cdc1b20d4d7586
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   221090 94c5789d3d06b3553d883eca45ab06b7
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   216702 68edfa60eb9de377b20be68e10bd879a
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   220634 8f103f83772eb2e52cd38bb0fb1efbec
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   172234 559b5683e44f424324d43b09f42c63f6
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   173014 7c05a2f5fe626036ebaa271cece0cd09
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   104772 63a31e0f30472ebc19a79744b1b1fe03
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:    37098 c00f5d32432f97ac992652ac1bbb7259
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   282244 1a2c7d7038b335ae2ab6ff68d06a380f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb
  Size/MD5:   142328 169a4ce5fc42eb789c76f46acb07aa00

sparc architecture (Sun SPARC/UltraSPARC):

http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   804250 3a780a65322c539717e93a64792acc16
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   211276 e1f45226511664f1759a6ad75aff6155
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   206948 19e2792273d8a4935ef6fcc6ee369326
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   210556 e62136b10dca8c665defa2cc54640e64
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   172232 6e2213cb4b6a5dec1506fe01ce5cc028
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   173010 9603ee752f034d04fd349db168fbe2f2
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:    94084 c6f6315ff2e1865f409ae49d54e3a233
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:    37102 fdb3a44756f9d6e8d36c1b2558420d57
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   268648 03fbe81b3cc1f0ac17961fc5c58a3f5f
http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb
  Size/MD5:   131056 8707670bfb577280d9b5d0689c51608c

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-200908-0708",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.3.8"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.3.7"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.3.5"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.9,
        "vendor": "apache",
        "version": "1.3.4"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "0.9.6"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "0.9.1"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "1.3.2"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "0.9.7"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "0.9.7-dev"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "1.3.3"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.3.6"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "0.9.16"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.3,
        "vendor": "apache",
        "version": "1.3.7"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.8"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.4"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.4-dev"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.0"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.6-dev"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.2"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.8"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.5"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.3"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.5"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.8"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.2"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.6"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.3"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.2-dev"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.6-dev"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.9"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.6"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.7-dev"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.5"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.9"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.2-dev"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.4"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.3"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.1"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.3-dev"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.16-dev"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.1"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.2"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.1"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.4"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.4-dev"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "0.9.3-dev"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "1.3.0"
      },
      {
        "model": "http server",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.0.64"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "0.9.x"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.3.x"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "0.9.x"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "1.3.x"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "2.0.47.x"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.2.39"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1.0.29"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0.0.7"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.0.2.39"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "6.1.0.29"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "7.0.0.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.1"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.5.8"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6"
      },
      {
        "model": "mac os x server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "v10.6.1"
      },
      {
        "model": "opensolaris",
        "scope": null,
        "trust": 0.8,
        "vendor": "oracle",
        "version": null
      },
      {
        "model": "solaris",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "10"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3.0 (x86-64)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "4.0 (x86-64)"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2.0"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "3.0"
      },
      {
        "model": "turbolinux appliance server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "3.0 (x64)"
      },
      {
        "model": "turbolinux client",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "2008"
      },
      {
        "model": "turbolinux fuji",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "( extended maintenance )"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "10 (x64)"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11"
      },
      {
        "model": "turbolinux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "turbo linux",
        "version": "11 (x64)"
      },
      {
        "model": "interscan messaging security suite",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "7.x"
      },
      {
        "model": "interscan messaging security virtual appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "7.0"
      },
      {
        "model": "trendmicro interscan messaging security appliance",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "trend micro",
        "version": "7.0"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4 (ws)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (as)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.8 (es)"
      },
      {
        "model": "enterprise linux",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (server)"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "3.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "4.0"
      },
      {
        "model": "enterprise linux desktop",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.0 (client)"
      },
      {
        "model": "enterprise linux eus",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5.3.z (server)"
      },
      {
        "model": "rhel desktop workstation",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "red hat",
        "version": "5 (client)"
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "9.04"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.10"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts lpia",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "8.04"
      },
      {
        "model": "linux lts sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts i386",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux lts amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ubuntu",
        "version": "6.06"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "9"
      },
      {
        "model": "linux enterprise server debuginfo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise server sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise server sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise sdk sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise sdk sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise desktop sp3",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise desktop sp2",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "11"
      },
      {
        "model": "linux enterprise sp3 debuginfo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "linux enterprise sp2 debuginfo",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "suse",
        "version": "10"
      },
      {
        "model": "solaris 10 x86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "solaris 10 sparc",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 99",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 98",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 96",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 95",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 94",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 93",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 92",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 91",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 90",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 89",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 88",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 87",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 86",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 85",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 84",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 83",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 82",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 81",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 80",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 78",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 77",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 76",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 74",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 71",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 68",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 67",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 64",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 61",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 59",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 58",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 57",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 56",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 54",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 51",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 50",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 49",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 48",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 47",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 45",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 41",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 39",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 38",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 37",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 36",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 35",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 29",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 28",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 22",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 19",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 13",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 121",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 120",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 119",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 118",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 117",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 116",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 115",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 114",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 113",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 112",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 110",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 109",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 108",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 107",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 106",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 105",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 104",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 103",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 102",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 101a",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 101",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 100",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 02",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 01",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "opensolaris build snv 111b",
        "scope": null,
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.1"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "12.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "slackware",
        "version": "11.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.1"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "11.0"
      },
      {
        "model": "opensuse",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "10.3"
      },
      {
        "model": "open-enterprise-server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "0"
      },
      {
        "model": "novell linux pos",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9"
      },
      {
        "model": "novell linux desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "s u s e",
        "version": "9.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "2"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "rpath",
        "version": "1"
      },
      {
        "model": "jboss enterprise web server el4",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "0"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux ws",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux eus 5.3.z server",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux es 4.8.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux es",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux desktop workstation client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux desktop client",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "enterprise linux as 4.8.z",
        "scope": null,
        "trust": 0.3,
        "vendor": "redhat",
        "version": null
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4"
      },
      {
        "model": "enterprise linux as",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3"
      },
      {
        "model": "enterprise linux server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "5"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "4.0"
      },
      {
        "model": "desktop",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "3.0"
      },
      {
        "model": "certificate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "redhat",
        "version": "7.3"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20090"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "pardus",
        "version": "20080"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2009.0"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.1"
      },
      {
        "model": "linux mandrake x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "linux mandrake",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandriva",
        "version": "2008.0"
      },
      {
        "model": "multi network firewall",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "2.0"
      },
      {
        "model": "enterprise server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "enterprise server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "5"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "corporate server x86 64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "3.0"
      },
      {
        "model": "corporate server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "mandrakesoft",
        "version": "4.0"
      },
      {
        "model": "websphere application server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.0.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47.1"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.47"
      },
      {
        "model": "http server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "7.0"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.2"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage studio enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage studio enterprise edition b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.3.1"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.2"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage application server standard-j edition b",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server standard-j edition 9.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.2"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.1"
      },
      {
        "model": "interstage application server enterprise edition a",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": "9.0"
      },
      {
        "model": "interstage application server enterprise edition 9.1.0b",
        "scope": null,
        "trust": 0.3,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "5.0"
      },
      {
        "model": "linux sparc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux s/390",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux powerpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux mipsel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux mips",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux m68k",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux ia-64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux ia-32",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux hppa",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux armel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux arm",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux amd64",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux alpha",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "linux",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "debian",
        "version": "4.0"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.2.2.5"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "4.2.2.4"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.5"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.4"
      },
      {
        "model": "coat systems director",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "blue",
        "version": "0"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os server",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.11"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.10"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.9"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.8"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.7"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.5"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.5"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.9.17"
      },
      {
        "model": "apr-util",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.9.7"
      },
      {
        "model": "portable runtime",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "0.9.18"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.12"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.11"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.10"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.9"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.8"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.6"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.5"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.4"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      },
      {
        "model": "2.2.7-dev",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "2.2.6-dev",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "2.2.5-dev",
        "scope": null,
        "trust": 0.3,
        "vendor": "apache",
        "version": null
      },
      {
        "model": "apache",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.1"
      },
      {
        "model": "opensolaris build snv 122",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "sun",
        "version": null
      },
      {
        "model": "coat systems director",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "blue",
        "version": "5.5.2.3"
      },
      {
        "model": "mac os server",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.6.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.6-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.2-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.7-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.3-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.4-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.16:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:1.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:apr-util:0.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Matt Lewis\u203b mattlewis@google.com",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2009-2412",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 10.0,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 10.0,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2009-2412",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2009-2412",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-200908-530",
            "trust": 0.6,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows.  NOTE: some of these details are obtained from third party information. Apache APR (Apache Portable Runtime) and \u0027APR-util\u0027 are prone to multiple integer-overflow vulnerabilities. \nAttackers can exploit these issues to execute arbitrary code in the context of an application that uses the affected library. Successful exploits will compromise the affected application and possibly the computer. Failed attacks will cause denial-of-service conditions. \n \n This update provides fixes for these vulnerabilities. \n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Linux 2008.1:\n bd5757bce0a8299edcf7dcc3e2980964  2008.1/i586/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.i586.rpm\n 50ba5cc45e1f72e8219addc0df369ca4  2008.1/i586/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.i586.rpm\n 1cb0f643e4084741afefb8d25d975062  2008.1/i586/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.i586.rpm\n 23990e6d23f02addecd2d3dcd7d68baf  2008.1/i586/libapr1-1.2.12-3.1mdv2008.1.i586.rpm\n 002cebd9b1e101cc487490fb5e1de4b9  2008.1/i586/libapr-devel-1.2.12-3.1mdv2008.1.i586.rpm\n 178584e4fee60428188b4f8be39e8b22  2008.1/i586/libapr-util1-1.2.12-4.2mdv2008.1.i586.rpm\n d718e18960ee01edbfc9cf99cb335604  2008.1/i586/libapr-util-devel-1.2.12-4.2mdv2008.1.i586.rpm \n bf792d204211369b8c63051f1360fd97  2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm\n dcbd01ea287e6d8efc276dfa074c3930  2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2008.1/X86_64:\n 6a9a81c520c8e30b5f8fbbe54d185dff  2008.1/x86_64/apr-util-dbd-mysql-1.2.12-4.2mdv2008.1.x86_64.rpm\n cc9d7917d41f5ca317d2942c2d14c859  2008.1/x86_64/apr-util-dbd-pgsql-1.2.12-4.2mdv2008.1.x86_64.rpm\n 016e48025c0fec50db868ba23d20140e  2008.1/x86_64/apr-util-dbd-sqlite3-1.2.12-4.2mdv2008.1.x86_64.rpm\n 6ee3859a30eab3399275b29356df5727  2008.1/x86_64/lib64apr1-1.2.12-3.1mdv2008.1.x86_64.rpm\n 766f74618ab9532eef5ab40f94112579  2008.1/x86_64/lib64apr-devel-1.2.12-3.1mdv2008.1.x86_64.rpm\n 6e57aa1381b9af730eec5f313f8d5d79  2008.1/x86_64/lib64apr-util1-1.2.12-4.2mdv2008.1.x86_64.rpm\n 6fda7ebf5640ad5ad9ba0d2d1169dbc9  2008.1/x86_64/lib64apr-util-devel-1.2.12-4.2mdv2008.1.x86_64.rpm \n bf792d204211369b8c63051f1360fd97  2008.1/SRPMS/apr-1.2.12-3.1mdv2008.1.src.rpm\n dcbd01ea287e6d8efc276dfa074c3930  2008.1/SRPMS/apr-util-1.2.12-4.2mdv2008.1.src.rpm\n\n Mandriva Linux 2009.0:\n 89786c5904cee8d22c5140528d412a1c  2009.0/i586/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.i586.rpm\n 19df90719d15def384b7aec1efc5dcd8  2009.0/i586/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.i586.rpm\n e164acf4668fd239f2801698e3dc9aa4  2009.0/i586/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.i586.rpm\n 70f55ca514ef15778001082f3c51a9fd  2009.0/i586/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.i586.rpm\n 85135d9490be22fc56a897cf9d5fba7e  2009.0/i586/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.i586.rpm\n 424d3a8896bc70503a69dc8c4d9882a9  2009.0/i586/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.i586.rpm\n 586edd704499f119527638f0f1913614  2009.0/i586/libapr1-1.3.3-2.1mdv2009.0.i586.rpm\n f5065323fca63075434ce1eb850e3c01  2009.0/i586/libapr-devel-1.3.3-2.1mdv2009.0.i586.rpm\n 4aba7262b561a1d67187c799cd06a138  2009.0/i586/libapr-util1-1.3.4-2.2mdv2009.0.i586.rpm\n a125fa8529bd8dd79ada83747c23f9d4  2009.0/i586/libapr-util-devel-1.3.4-2.2mdv2009.0.i586.rpm \n 23e454eea7e368502047b85976d1ef88  2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm\n 162271ed051fa5de81a973e5adc487dc  2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.0/X86_64:\n 667ffab851dd6babd31700a5d9c113a7  2009.0/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdv2009.0.x86_64.rpm\n 08089224bb9da997752624d85c229251  2009.0/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdv2009.0.x86_64.rpm\n 7ce1a16bc3e35fc4a3dcb8a1e148c05b  2009.0/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdv2009.0.x86_64.rpm\n 075dbc136d3110952d54f9a85761c1b6  2009.0/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdv2009.0.x86_64.rpm\n 90edf3ec758ed79a7973a36141ddc295  2009.0/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdv2009.0.x86_64.rpm\n f15ee7ff2b203c436eab2d7e4c118a1d  2009.0/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdv2009.0.x86_64.rpm\n 2b0529a353e38a0eda5f8d08ecf95554  2009.0/x86_64/lib64apr1-1.3.3-2.1mdv2009.0.x86_64.rpm\n 524773745dfeb06cd86e7149723c6cbe  2009.0/x86_64/lib64apr-devel-1.3.3-2.1mdv2009.0.x86_64.rpm\n 3e7bc1d3e713ba5893c34215ee93f932  2009.0/x86_64/lib64apr-util1-1.3.4-2.2mdv2009.0.x86_64.rpm\n 44be6021b3db277a5993f488b02074db  2009.0/x86_64/lib64apr-util-devel-1.3.4-2.2mdv2009.0.x86_64.rpm \n 23e454eea7e368502047b85976d1ef88  2009.0/SRPMS/apr-1.3.3-2.1mdv2009.0.src.rpm\n 162271ed051fa5de81a973e5adc487dc  2009.0/SRPMS/apr-util-1.3.4-2.2mdv2009.0.src.rpm\n\n Mandriva Linux 2009.1:\n 0b3427fcb40fcd8e068eb81e8de67685  2009.1/i586/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.i586.rpm\n 77e215797fc02c290e59ce072a36fffc  2009.1/i586/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.i586.rpm\n 05d1106df36459a7a40ecb11d5560c61  2009.1/i586/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.i586.rpm\n 97adcfda40750873588942a9ab0e5e3c  2009.1/i586/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.i586.rpm\n 1b9379f8d6ec49908d43d4228ecbee66  2009.1/i586/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.i586.rpm\n a5e5bb25d2e370e22f274482afe74fd8  2009.1/i586/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.i586.rpm\n 1f907eab0d93dd413086f0943988284c  2009.1/i586/libapr1-1.3.3-5.1mdv2009.1.i586.rpm\n a6992c671c7352c2965f46abced93b8a  2009.1/i586/libapr-devel-1.3.3-5.1mdv2009.1.i586.rpm\n e748ca10352eaa46ef2514ce8718674b  2009.1/i586/libapr-util1-1.3.4-9.2mdv2009.1.i586.rpm\n 73afb8eabe81ae8be63f1ba9d8fc3bf2  2009.1/i586/libapr-util-devel-1.3.4-9.2mdv2009.1.i586.rpm \n 1a1706c01c2668a058a54c06d6e5aac6  2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm\n 241d8b7b1261089d299f9b8463f391a7  2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm\n\n Mandriva Linux 2009.1/X86_64:\n f0b10ee44c9092605ad1137a46e4955c  2009.1/x86_64/apr-util-dbd-freetds-1.3.4-9.2mdv2009.1.x86_64.rpm\n 98247a74314a56b6f4097a9943e236c0  2009.1/x86_64/apr-util-dbd-ldap-1.3.4-9.2mdv2009.1.x86_64.rpm\n 2e0d895eb1b93c2518436ab4c678da23  2009.1/x86_64/apr-util-dbd-mysql-1.3.4-9.2mdv2009.1.x86_64.rpm\n 8269586d2608f6e79eff11de7bda333e  2009.1/x86_64/apr-util-dbd-odbc-1.3.4-9.2mdv2009.1.x86_64.rpm\n 489b31861a5fabd272348ca224e4d9b4  2009.1/x86_64/apr-util-dbd-pgsql-1.3.4-9.2mdv2009.1.x86_64.rpm\n b1164ff6f2e06bfcada083e9d11c1595  2009.1/x86_64/apr-util-dbd-sqlite3-1.3.4-9.2mdv2009.1.x86_64.rpm\n 257e2b240479fb7c472efa7de7ee11c8  2009.1/x86_64/lib64apr1-1.3.3-5.1mdv2009.1.x86_64.rpm\n 222f5f44d9600dcf593923ea6422d47e  2009.1/x86_64/lib64apr-devel-1.3.3-5.1mdv2009.1.x86_64.rpm\n 99ef537b486eccad55d8f0d79f37abbd  2009.1/x86_64/lib64apr-util1-1.3.4-9.2mdv2009.1.x86_64.rpm\n 9d9e0933f57289530059e5a9b3e42e1c  2009.1/x86_64/lib64apr-util-devel-1.3.4-9.2mdv2009.1.x86_64.rpm \n 1a1706c01c2668a058a54c06d6e5aac6  2009.1/SRPMS/apr-1.3.3-5.1mdv2009.1.src.rpm\n 241d8b7b1261089d299f9b8463f391a7  2009.1/SRPMS/apr-util-1.3.4-9.2mdv2009.1.src.rpm\n\n Corporate 3.0:\n 39d0747e39f45148c8540e76a272f219  corporate/3.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm\n 9c7677568ec7e3fab84ed224af029d6a  corporate/3.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm\n 9f60f68aa326aaaa02cb6e9346ac0b7b  corporate/3.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm\n a9051117cf2a34ed7cf9066e31d1767f  corporate/3.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm\n ddc2cafb1a02ee501e5127a8731ea942  corporate/3.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm\n f3bbd229b347489f40b81419214c42bd  corporate/3.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm\n cd19b116ef93c07f78efbe4393d2e3be  corporate/3.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm\n 5a2da72b9255a8c35f0ed877899f90eb  corporate/3.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm\n e940b8e3b2da880bca84ebc9f528b2e6  corporate/3.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm\n 5d713bee1985cc49c585b4289ee76f1e  corporate/3.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm\n f293fbf344f6fc55e92170518a710149  corporate/3.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm\n f4c48499cb6968a12a5250e3464a2b30  corporate/3.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm\n 997ea437e49903a014de32e61573de7a  corporate/3.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm\n fe5f16a62fc94177286445e9830cb6a6  corporate/3.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm\n 4eb89be3edc9f7dd0511e22d64baefe2  corporate/3.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm\n 64be98dcd021367f603e972cc40d6710  corporate/3.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm \n 5c5a7cb9305c8b0d469fc424931ae215  corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm\n\n Corporate 3.0/X86_64:\n c84b780216da90735018f37b8d606ad9  corporate/3.0/x86_64/apache2-2.0.48-6.22.C30mdk.x86_64.rpm\n 079ef7c187ea63bdfdb7b2f8e0c7ed85  corporate/3.0/x86_64/apache2-common-2.0.48-6.22.C30mdk.x86_64.rpm\n 78d8764d894dcf4821e3014b3bf0a1c2  corporate/3.0/x86_64/apache2-devel-2.0.48-6.22.C30mdk.x86_64.rpm\n e938351292eaf95bad5937066e071f6e  corporate/3.0/x86_64/apache2-manual-2.0.48-6.22.C30mdk.x86_64.rpm\n b7b0c47891c1da19b9bfedd5eaeb5a12  corporate/3.0/x86_64/apache2-mod_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 14603191e70ea26450ad9f5254f1eff8  corporate/3.0/x86_64/apache2-mod_dav-2.0.48-6.22.C30mdk.x86_64.rpm\n f49c1f32bfa9b325836e28f7078d3897  corporate/3.0/x86_64/apache2-mod_deflate-2.0.48-6.22.C30mdk.x86_64.rpm\n 0d8058c7d57105b18e97579817872d95  corporate/3.0/x86_64/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 09b7bdc4907e672ee9b83a9f0ed2fb13  corporate/3.0/x86_64/apache2-mod_file_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 90a9565c923530b22f4141d2a186972b  corporate/3.0/x86_64/apache2-mod_ldap-2.0.48-6.22.C30mdk.x86_64.rpm\n 0f244810519460074938138d87a11997  corporate/3.0/x86_64/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.x86_64.rpm\n 0836106477de3d26f4c31a595c996cdc  corporate/3.0/x86_64/apache2-mod_proxy-2.0.48-6.22.C30mdk.x86_64.rpm\n 353d05dfc30072a39f3597c39454f331  corporate/3.0/x86_64/apache2-mod_ssl-2.0.48-6.22.C30mdk.x86_64.rpm\n 1234e8bf94a4ddf65cf225aaf4367937  corporate/3.0/x86_64/apache2-modules-2.0.48-6.22.C30mdk.x86_64.rpm\n fbb25973021e327262cc152fd46996cc  corporate/3.0/x86_64/apache2-source-2.0.48-6.22.C30mdk.x86_64.rpm\n 0520ca7c45963a2e2e26d8e3b5f63c41  corporate/3.0/x86_64/lib64apr0-2.0.48-6.22.C30mdk.x86_64.rpm \n 5c5a7cb9305c8b0d469fc424931ae215  corporate/3.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm\n\n Corporate 4.0:\n 59bb8b01944e22319fcd4a0202bdffd9  corporate/4.0/i586/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.i586.rpm\n 75fc1a2cbde6e0426f3f59cfd099b3b1  corporate/4.0/i586/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.i586.rpm\n 73cbae192430eca396ba79f548437cc1  corporate/4.0/i586/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.i586.rpm\n 09726634b12dc2afc37d292853cfb28c  corporate/4.0/i586/libapr1-1.2.7-1.1.20060mlcs4.i586.rpm\n cbfbe3652be9a6986f5f672034b84dc0  corporate/4.0/i586/libapr1-devel-1.2.7-1.1.20060mlcs4.i586.rpm\n 0733be6b968d4cbcce3494afe962ea12  corporate/4.0/i586/libapr-util1-1.2.7-6.2.20060mlcs4.i586.rpm\n 725117e7948c43a6fb72f51966d6dd79  corporate/4.0/i586/libapr-util1-devel-1.2.7-6.2.20060mlcs4.i586.rpm \n 4003af7f60b2b13d6f77a05ebe9dfb22  corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm\n e74d2bc186c01528afbbf64f7491f221  corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm\n\n Corporate 4.0/X86_64:\n 09e54e8fb5df6737dc1b00440d31d5c7  corporate/4.0/x86_64/apr-util-dbd-mysql-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 766214b9f0df47776db7bea60f97298f  corporate/4.0/x86_64/apr-util-dbd-pgsql-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 22cb8925b104be9d571cf592a29064c3  corporate/4.0/x86_64/apr-util-dbd-sqlite3-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 0fb8d44ea77b337e4026e72ed4000bf8  corporate/4.0/x86_64/lib64apr1-1.2.7-1.1.20060mlcs4.x86_64.rpm\n ba0345c32bfe4376621334e36a62a1c0  corporate/4.0/x86_64/lib64apr1-devel-1.2.7-1.1.20060mlcs4.x86_64.rpm\n cbd9beef22028ade9ecf3d172c710ff1  corporate/4.0/x86_64/lib64apr-util1-1.2.7-6.2.20060mlcs4.x86_64.rpm\n 5247ff1b281c9fa95ad547996f3bbb17  corporate/4.0/x86_64/lib64apr-util1-devel-1.2.7-6.2.20060mlcs4.x86_64.rpm \n 4003af7f60b2b13d6f77a05ebe9dfb22  corporate/4.0/SRPMS/apr-1.2.7-1.1.20060mlcs4.src.rpm\n e74d2bc186c01528afbbf64f7491f221  corporate/4.0/SRPMS/apr-util-1.2.7-6.2.20060mlcs4.src.rpm\n\n Mandriva Enterprise Server 5:\n fe7bd17a4b8499027179f5f421fce92d  mes5/i586/libapr1-1.3.3-2.1mdvmes5.i586.rpm\n ce82a19e9423f69bc380fc32e0e96a9d  mes5/i586/libapr-devel-1.3.3-2.1mdvmes5.i586.rpm \n 01004428f12cd78529ac43a546976121  mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm\n\n Mandriva Enterprise Server 5/X86_64:\n 744cad17495d753e07fed748ccab4c46  mes5/x86_64/apr-util-dbd-freetds-1.3.4-2.2mdvmes5.x86_64.rpm\n 4c70155fb19f486a19f048455e41e480  mes5/x86_64/apr-util-dbd-ldap-1.3.4-2.2mdvmes5.x86_64.rpm\n 278c7292a0432e0d6760639667ec6858  mes5/x86_64/apr-util-dbd-mysql-1.3.4-2.2mdvmes5.x86_64.rpm\n 0358fea0177405ccd625304c83715992  mes5/x86_64/apr-util-dbd-odbc-1.3.4-2.2mdvmes5.x86_64.rpm\n a549b591b27f810ba898e75030f61398  mes5/x86_64/apr-util-dbd-pgsql-1.3.4-2.2mdvmes5.x86_64.rpm\n fb02a789f8ec6081f01df92768cda441  mes5/x86_64/apr-util-dbd-sqlite3-1.3.4-2.2mdvmes5.x86_64.rpm\n 4dbc88f0779d110f589ee60d7708e1e0  mes5/x86_64/lib64apr1-1.3.3-2.1mdvmes5.x86_64.rpm\n d591c7684cfd0d6a9a5ae749a3120f58  mes5/x86_64/lib64apr-devel-1.3.3-2.1mdvmes5.x86_64.rpm\n 6b946eebc0ff697faad4364beae260f8  mes5/x86_64/lib64apr-util1-1.3.4-2.2mdvmes5.x86_64.rpm\n 5c1f8dd8c2fcb0eb68bd1e24a25d1e22  mes5/x86_64/lib64apr-util-devel-1.3.4-2.2mdvmes5.x86_64.rpm \n 01004428f12cd78529ac43a546976121  mes5/SRPMS/apr-1.3.3-2.1mdvmes5.src.rpm\n\n Multi Network Firewall 2.0:\n 39d0747e39f45148c8540e76a272f219  mnf/2.0/i586/apache2-2.0.48-6.22.C30mdk.i586.rpm\n 9c7677568ec7e3fab84ed224af029d6a  mnf/2.0/i586/apache2-common-2.0.48-6.22.C30mdk.i586.rpm\n 9f60f68aa326aaaa02cb6e9346ac0b7b  mnf/2.0/i586/apache2-devel-2.0.48-6.22.C30mdk.i586.rpm\n a9051117cf2a34ed7cf9066e31d1767f  mnf/2.0/i586/apache2-manual-2.0.48-6.22.C30mdk.i586.rpm\n ddc2cafb1a02ee501e5127a8731ea942  mnf/2.0/i586/apache2-mod_cache-2.0.48-6.22.C30mdk.i586.rpm\n f3bbd229b347489f40b81419214c42bd  mnf/2.0/i586/apache2-mod_dav-2.0.48-6.22.C30mdk.i586.rpm\n cd19b116ef93c07f78efbe4393d2e3be  mnf/2.0/i586/apache2-mod_deflate-2.0.48-6.22.C30mdk.i586.rpm\n 5a2da72b9255a8c35f0ed877899f90eb  mnf/2.0/i586/apache2-mod_disk_cache-2.0.48-6.22.C30mdk.i586.rpm\n e940b8e3b2da880bca84ebc9f528b2e6  mnf/2.0/i586/apache2-mod_file_cache-2.0.48-6.22.C30mdk.i586.rpm\n 5d713bee1985cc49c585b4289ee76f1e  mnf/2.0/i586/apache2-mod_ldap-2.0.48-6.22.C30mdk.i586.rpm\n f293fbf344f6fc55e92170518a710149  mnf/2.0/i586/apache2-mod_mem_cache-2.0.48-6.22.C30mdk.i586.rpm\n f4c48499cb6968a12a5250e3464a2b30  mnf/2.0/i586/apache2-mod_proxy-2.0.48-6.22.C30mdk.i586.rpm\n 997ea437e49903a014de32e61573de7a  mnf/2.0/i586/apache2-mod_ssl-2.0.48-6.22.C30mdk.i586.rpm\n fe5f16a62fc94177286445e9830cb6a6  mnf/2.0/i586/apache2-modules-2.0.48-6.22.C30mdk.i586.rpm\n 4eb89be3edc9f7dd0511e22d64baefe2  mnf/2.0/i586/apache2-source-2.0.48-6.22.C30mdk.i586.rpm\n 64be98dcd021367f603e972cc40d6710  mnf/2.0/i586/libapr0-2.0.48-6.22.C30mdk.i586.rpm \n 5c5a7cb9305c8b0d469fc424931ae215  mnf/2.0/SRPMS/apache2-2.0.48-6.22.C30mdk.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi.  The verification\n of md5 checksums and GPG signatures is performed automatically for you. \n\n All packages are signed by Mandriva for security.  You can obtain the\n GPG public key of the Mandriva Security Team by executing:\n\n  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\n\n You can view other update advisories for Mandriva Linux at:\n\n  http://www.mandriva.com/security/advisories\n\n If you want to report vulnerabilities, please contact\n\n  security_(at)_mandriva.com\n _______________________________________________________________________\n\n Type Bits/KeyID     Date       User ID\n pub  1024D/22458A98 2000-07-10 Mandriva Security Team\n  \u003csecurity*mandriva.com\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niD8DBQFKesC1mqjQ0CJFipgRAvjJAJ9/hkPV+kb4tO2KHfjb2m+3nV+9+gCfQHvt\nuej6FdYjm8TitsZAK4BFOis=\n=IDO9\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\nDebian Security Advisory DSA-1854-1                  security@debian.org\nhttp://www.debian.org/security/                           Florian Weimer\nAugust 08, 2009                       http://www.debian.org/security/faq\n- ------------------------------------------------------------------------\n\nPackage        : apr, apr-util\nVulnerability  : heap buffer overflow\nDebian-specific: no\nCVE Id(s)      : CVE-2009-2412\n\nMatt Lewis discovered that the memory management code in the Apache\nPortable Runtime (APR) library does not guard against a wrap-around\nduring size computations.  This could cause the library to return a\nmemory area which smaller than requested, resulting a heap overflow\nand possibly arbitrary code execution. \n\nFor the old stable distribution (etch), this problem has been fixed in\nversion 1.2.7-9 of the apr package, and version 1.2.7+dfsg-2+etch3 of\nthe apr-util package. \n\nFor the stable distribution (lenny), this problem has been fixed in\nversion 1.2.12-5+lenny1 of the apr package and version 1.2.12-5+lenny1\nof the apr-util package. \n\nFor the unstable distribution (sid), this problem will be fixed soon. \n\nUpgrade instructions\n- --------------------\n\nwget url\n        will fetch the file for you\ndpkg -i file.deb\n        will install the referenced file. \n\nIf you are using the apt-get package manager, use the line for\nsources.list as given below:\n\napt-get update\n        will update the internal database\napt-get upgrade\n        will install corrected packages\n\nYou may use an automated update by adding the resources from the\nfooter to the proper configuration. \n\n\nDebian GNU/Linux 4.0 alias etch\n- -------------------------------\n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz\n    Size/MD5 checksum:   643328 a3117be657f99e92316be40add59b9ff\n  http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc\n    Size/MD5 checksum:     1036 9dc256c005a7f544c4d5c410b226fb74\n  http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz\n    Size/MD5 checksum:    26613 021ef3aa5b3a9fc021779a0b6a6a4ec9\n  http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz\n    Size/MD5 checksum:    21651 e090ebfd7174c90bae4e4935a3d3db15\n  http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz\n    Size/MD5 checksum:  1102370 aea926cbe588f844ad9e317157d60175\n  http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc\n    Size/MD5 checksum:      856 89662625fd7a34ceb514087de869d918\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb\n    Size/MD5 checksum:   121726 df1e2d6e8bf9ed485ad417fe274eb0e3\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb\n    Size/MD5 checksum:    83690 b5873275f420b15f9868ea0dde699c60\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb\n    Size/MD5 checksum:   371668 4e8bd42151f3cdf8cee91c49599aab42\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb\n    Size/MD5 checksum:   129158 5074639b4b0d9877ff29b96540fdfaec\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb\n    Size/MD5 checksum:   185420 ddf84849ff3bee792dc187c6d21958bd\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb\n    Size/MD5 checksum:   148140 079cff06535a7e3f4e9a5d682d80bb1b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb\n    Size/MD5 checksum:    72946 6b11e4b65bdf67981a091177d9644007\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb\n    Size/MD5 checksum:   126156 b420f555d02504e0497a0ba3c27e0cac\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb\n    Size/MD5 checksum:   127742 1606857f3291ccb10e038219f1f2eab3\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb\n    Size/MD5 checksum:   187302 bb1a4aa5768fa012201ad1e72bc27e93\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb\n    Size/MD5 checksum:   348120 b5d6b4e7c628dffe867159b54b6c82f1\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb\n    Size/MD5 checksum:   111664 6b51dc29ea4defa975902d246188086f\n\narm architecture (ARM)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb\n    Size/MD5 checksum:   121504 3ba789c274f2ed7030aa286ea57dbb3d\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb\n    Size/MD5 checksum:   175146 86ff258e9181fa424cb043dc22e2c0e0\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb\n    Size/MD5 checksum:   117302 97d701c8f9d6746eb14448bfde8e8588\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb\n    Size/MD5 checksum:   104934 45a976662beb7ec3b15ee7c7a45f3de7\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb\n    Size/MD5 checksum:    66110 09c54142359236f50654bd9c7b375781\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb\n    Size/MD5 checksum:   335520 14d06ecfb54247718b780c893df8f4cc\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb\n    Size/MD5 checksum:   126186 9494353aa42e983a245af2890dd2c6d7\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb\n    Size/MD5 checksum:    78668 60c87b0e86c1ed31deecddd88cdf5fa5\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb\n    Size/MD5 checksum:   133918 ae993c733053a326603c5b750505bee9\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb\n    Size/MD5 checksum:   116052 6238f10eb5077bb53b9664b82b985c40\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb\n    Size/MD5 checksum:   338694 262cec472ec3aaeb1b4d38eebaa940c8\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb\n    Size/MD5 checksum:    68854 78ab4f6425153d8b746b99842994d555\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb\n    Size/MD5 checksum:   109138 4aa254cacd4e95785ae823cedb1cce2f\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb\n    Size/MD5 checksum:   122136 4a16475bb5780625902c79069681ae74\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb\n    Size/MD5 checksum:   180654 481471d06045a2e348b55de6dbdf5f94\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb\n    Size/MD5 checksum:   156562 52761fff3e82e21728e0c6a79bf4508f\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb\n    Size/MD5 checksum:    99446 3ad58d882e434e39be525e7aa41d9e93\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb\n    Size/MD5 checksum:   141894 5b7351a6b4c3765e3d76b9d22e04cf0e\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb\n    Size/MD5 checksum:   118716 8c73712293cd4d9a5935aefd18a3e4c9\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb\n    Size/MD5 checksum:   171514 f474001e4f852a44af517b5d6f737a65\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb\n    Size/MD5 checksum:   385514 76d0bbda16c749f6a5b40fd6297a180a\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb\n    Size/MD5 checksum:   188816 de1ecb467042d2c1891cc1d2f5db83d9\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb\n    Size/MD5 checksum:   130394 fc34d9b137c080b63374d809c1d6bf8b\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb\n    Size/MD5 checksum:   130492 4d7cdffabbef214eeea0c02a346d0eb8\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb\n    Size/MD5 checksum:    70776 6fe66f5cb81c2a3af2fa0cd64a85cfd8\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb\n    Size/MD5 checksum:   357368 aab08f1596aead97cc48924ebf99c80e\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb\n    Size/MD5 checksum:   112644 9c6d720999259453daaa13e8ec3c8336\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb\n    Size/MD5 checksum:   186464 5b2392a143ff8a173a771b819377ab47\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb\n    Size/MD5 checksum:   128052 02e3c278190e92d7131c275aab5f5c44\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb\n    Size/MD5 checksum:   358010 480087a77642a8ff99a32bb323b62600\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb\n    Size/MD5 checksum:   130712 50da703a75deb2ba87d4be171e80bd5b\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb\n    Size/MD5 checksum:   113352 d363370bcba834268202db5271b20aa3\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb\n    Size/MD5 checksum:    70794 1f57c4362c286bd0d2df40d775690612\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb\n    Size/MD5 checksum:   125106 92d5d46effd18aaa8e849254d9da8acd\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb\n    Size/MD5 checksum:   348504 2f4f96652c28e3f5f1cfae8e5265ec83\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb\n    Size/MD5 checksum:   130380 dacdce767bcff6b0ecbe66add6838e8b\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb\n    Size/MD5 checksum:   189780 ae1e23e3080fbfe3ba26b8acf9561d6c\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb\n    Size/MD5 checksum:   113956 1e2ba4da9ee0775325b351887c182f52\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb\n    Size/MD5 checksum:    72472 3a47c9eca3ec7b6f4e87609b3aca7f65\n\ns390 architecture (IBM S/390)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb\n    Size/MD5 checksum:   124802 cdd46922b57a51fedb25ae401d8dc753\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb\n    Size/MD5 checksum:   121978 71edc1d101933b1a43a9c395427a4aed\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb\n    Size/MD5 checksum:   128570 f0f7d5dfecb61c6212e0803a325e8a01\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb\n    Size/MD5 checksum:   186320 cca313c55848e6161810ff16fb71390f\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb\n    Size/MD5 checksum:   349848 b9cbaa0a70b9bfa28d74ac4a6e107428\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb\n    Size/MD5 checksum:    76668 f6b5e093ae1c3c5d4442e223115052de\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb\n    Size/MD5 checksum:   338056 ab06437e18c1cc36dab35779cc4102d8\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb\n    Size/MD5 checksum:   103200 1c6f94d15f4e3052e9ed80fc232f96b5\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb\n    Size/MD5 checksum:   117840 5f0671d301a9e2ea8020d0dcaa71a42b\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb\n    Size/MD5 checksum:    66374 668815a44c99c366ae8e3f624613932e\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb\n    Size/MD5 checksum:   167962 f338f71eeb38be58c67d1ac0fd92d1ff\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb\n    Size/MD5 checksum:   117510 63dd9c471f24472eb46a5fd9dcb92077\n\nDebian GNU/Linux 5.0 alias lenny\n- --------------------------------\n\nSource archives:\n\n  http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz\n    Size/MD5 checksum:  1127522 020ea947446dca2d1210c099c7a4c837\n  http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz\n    Size/MD5 checksum:    12398 b407ff7dac7363278f4f060e121aa611\n  http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz\n    Size/MD5 checksum:   658687 4ef3e41037fe0cdd3a0d107335a008eb\n  http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc\n    Size/MD5 checksum:     1530 dccceaa89d58074be3b7b7738a99756b\n  http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz\n    Size/MD5 checksum:    23138 a2222477de9ad92015416542a2c250ed\n  http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc\n    Size/MD5 checksum:     1284 4330306f892fd7c0950b1ccf2537b38d\n\nalpha architecture (DEC Alpha)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb\n    Size/MD5 checksum:   806236 3689d5ee779d3846fe67c9dad2f213dc\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb\n    Size/MD5 checksum:    53204 92bb2e8a7c48e6f8437680e08607a3f7\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb\n    Size/MD5 checksum:   147658 edba141e93c382fbf0ab2bbec1dba899\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb\n    Size/MD5 checksum:   158060 b80ad32790c6c8d89f0007a69d9ce0b8\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb\n    Size/MD5 checksum:    90740 c715b55d060a2d4e8d7684477d0b9014\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb\n    Size/MD5 checksum:   121774 565a4fdd123d04698907456e40d4df0b\n\namd64 architecture (AMD x86_64 (AMD64))\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb\n    Size/MD5 checksum:    54232 3f23cc38f68bbf926b801b82b3fea917\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb\n    Size/MD5 checksum:    80046 f6158018f26ddd6369687b8f9f64aa75\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb\n    Size/MD5 checksum:   114326 851cc08504589c09f08ec9e6efa52ef1\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb\n    Size/MD5 checksum:   147928 136a5a5c0d558d8f252d1ed44efed217\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb\n    Size/MD5 checksum:   133850 6b71ac477650c688863ef33fc58216a0\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb\n    Size/MD5 checksum:   825740 bf80dbc726c5b691b023e96e463ba88c\n\narm architecture (ARM)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb\n    Size/MD5 checksum:   818438 8e6c8a9964650a793e4a0e5ec51a8619\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb\n    Size/MD5 checksum:    54912 a853d8175d2bee56c6f37aada02fc2ca\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb\n    Size/MD5 checksum:   107790 85e0815ff8f340d99052a9c9f604cccd\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb\n    Size/MD5 checksum:    71112 20a4c9fd130c188166c0ebc6ceff5fcf\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb\n    Size/MD5 checksum:   138982 c84f95cff9713ed403fae7b712456ade\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb\n    Size/MD5 checksum:   124090 c4fc3663255a416725a69818e3523731\n\narmel architecture (ARM EABI)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb\n    Size/MD5 checksum:   109676 e26ebffcc101ffc87963c9a65b3543f6\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb\n    Size/MD5 checksum:   124626 4c34337eb3d1d55900a067f2c8412abc\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb\n    Size/MD5 checksum:   821990 19c68f5f904bb3bbdfd44349f8544e83\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb\n    Size/MD5 checksum:    55820 f39b0928bc4b91fb60bd6259c6ae6e02\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb\n    Size/MD5 checksum:    70086 1d3032e0879ed1ea6fa2f04c34af1782\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb\n    Size/MD5 checksum:   139434 e802e42577998c62fadfc335edb3b81a\n\nhppa architecture (HP PA RISC)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb\n    Size/MD5 checksum:    83668 3c8893214d7375303eaf1eec6e27212b\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb\n    Size/MD5 checksum:   827762 2fd0d8dd54c92c828e42100bb8816b00\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb\n    Size/MD5 checksum:   142916 14e1e2f8fa50b0eb1772f1e4bbc26e50\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb\n    Size/MD5 checksum:   140872 7fef63f2cd282e44c51b5e69d94d8706\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb\n    Size/MD5 checksum:   113954 926b8c39fee1787a94b3d6cc1c6d420b\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb\n    Size/MD5 checksum:    54332 18751dc2275828a126b2dbe568678f32\n\ni386 architecture (Intel ia32)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb\n    Size/MD5 checksum:    73814 2ef03972ed5b2232fe5782c4960bc362\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb\n    Size/MD5 checksum:    54582 edc98ca59cebd14195602929def1da31\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb\n    Size/MD5 checksum:   141438 5a54e1cac30640ca5e9922586d9983a8\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb\n    Size/MD5 checksum:   108882 075f37cd43e483d27ff0b94ad01f2d08\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb\n    Size/MD5 checksum:   121138 fc2411e049936d12702713c82377c9e5\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb\n    Size/MD5 checksum:   809460 a5648e0404f1cb4244c156cf85bfe0f5\n\nia64 architecture (Intel ia64)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb\n    Size/MD5 checksum:   135404 8f7a4964b22e5e9e5297380c15d8818d\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb\n    Size/MD5 checksum:   170110 412b51e1e3c1ed4e309459dd17844e68\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb\n    Size/MD5 checksum:   154362 2fc1441f28ef4f90446464627c8ef36d\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb\n    Size/MD5 checksum:   837496 6862607faf59e42525f5205d8a967818\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb\n    Size/MD5 checksum:   111140 12f0bf9e6264cc9c170c2b8365428cc0\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb\n    Size/MD5 checksum:    53428 a6a55d644fb58a0f7ea6a9b509cb71d0\n\nmips architecture (MIPS (Big Endian))\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb\n    Size/MD5 checksum:   110932 feb666e4f402bcb1954bc194c37496d7\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb\n    Size/MD5 checksum:   147482 e2508cc75520518ccbe4c3a5cf0cc50c\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb\n    Size/MD5 checksum:    56582 5134a012017e629239cc543fedf4edf3\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb\n    Size/MD5 checksum:    74584 2fbb1b76079126fd701f32e45a9cf7f0\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb\n    Size/MD5 checksum:   792650 126585d9fe0def77f7632f9d098eb11d\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb\n    Size/MD5 checksum:   136438 ae62dc1d5a32fac11615f4b67cfa4a6b\n\nmipsel architecture (MIPS (Little Endian))\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb\n    Size/MD5 checksum:    56414 ecca7e3643ccb91fc962b886bdddbc0e\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb\n    Size/MD5 checksum:   136390 d45f956c14ea9fe22b77bce3810c32b7\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb\n    Size/MD5 checksum:   144740 05411f88615592531468cdd89bb4b5d0\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb\n    Size/MD5 checksum:    74366 a15e15331a62f33d33481b7e53f07b48\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb\n    Size/MD5 checksum:   792762 dc1e4748e106c82e9f8bf6c3ecce4a38\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb\n    Size/MD5 checksum:   110974 a5dd28b5c9b3106da8e4c81abea6777d\n\npowerpc architecture (PowerPC)\n\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb\n    Size/MD5 checksum:    82512 f8a18fb94a4ef3cabec01c288a26eef5\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb\n    Size/MD5 checksum:    55708 555d64273f15c6ebd503b7cb84f0fb29\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb\n    Size/MD5 checksum:   132338 66e77820b5b9d2a05d6df5c4ec2c76b0\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb\n    Size/MD5 checksum:   116238 1a291989c32ea21ac8eef9ca51831fc5\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb\n    Size/MD5 checksum:   147180 cc9f274b349dbbb9ce9b69b0d0edf493\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb\n    Size/MD5 checksum:   821948 fc3acf3dec16223caf6f932e8b7c0c01\n\ns390 architecture (IBM S/390)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb\n    Size/MD5 checksum:   126058 474bddd0f3c5a69cc21fc2d403fe90f6\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb\n    Size/MD5 checksum:   148614 89cc7bb2619f28e5e6e9d0042050a924\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb\n    Size/MD5 checksum:   133044 fb35625937e6fae551d97df283a32dd9\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb\n    Size/MD5 checksum:   787872 2dc32425bfbd17b841218064599d80ed\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb\n    Size/MD5 checksum:    85496 c41f2fdebd22ec066815211768dcdc3a\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb\n    Size/MD5 checksum:    54414 c36fa2538d8077a8ef09842e07bd989a\n\nsparc architecture (Sun SPARC/UltraSPARC)\n\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb\n    Size/MD5 checksum:   814624 613a70f3443404f5939e91e229d01d25\n  http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb\n    Size/MD5 checksum:    54370 4c12839718c73a2b96b607d77fcbc583\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb\n    Size/MD5 checksum:   131706 5c2ad3da38aaaab8ac2c14656602c532\n  http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb\n    Size/MD5 checksum:   108712 c1f66be9c2daa447d5bfbd1f7639aada\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb\n    Size/MD5 checksum:    72738 ec558ed4277ca676f07e3181ffad0335\n  http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb\n    Size/MD5 checksum:   124976 22385c13d934c3877ce2f9eeaa4584e3\n\n\n  These files will probably be moved into the stable distribution on\n  its next update. \n\n- ---------------------------------------------------------------------------------\nFor apt-get: deb http://security.debian.org/ stable/updates main\nFor dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main\nMailing list: debian-security-announce@lists.debian.org\nPackage info: `apt-cache show \u003cpkg\u003e\u0027 and http://packages.debian.org/\u003cpkg\u003e\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.9 (GNU/Linux)\n\niQEcBAEBAgAGBQJKfcqtAAoJEL97/wQC1SS+6T4IAJxpIZ7AUOwmDtuOk/WQzlzv\nU1nz6YhC9nhf/QdjbmAe0+ClaGwP5FZOacfEK6t64DBJ/81qgLtHlh6hlbm2+9wD\nvIddGlXmdKjEcHXVbt5rwEoc9pk6ma954Fziu2yUVxhP40SBLWlfEQ5w1LxjNHAI\nUKokX2+4C3Lk+6hJd8AqnvyfqP8h990HzFqT11hh8OlKVrvHmAiZWbSMmLvkKsPf\nF5mNDGVKluNfpAhwo6eLN2ayRDEKAeuejF2jQtb/MXQN3kJpPri2JhalhMra371l\nRmpmVNUOtKKJz/3gHSLjQNh6D5G4kj/I9RcHFA68Pv14kXh0xgtQlKGGLaPo/3M=\n=704P\n-----END PGP SIGNATURE-----\n. Subversion clients and servers, versions 1.6.0 - 1.6.3 and all\nversions \u003c 1.5.7, are vulnerable to several heap overflow problems\nwhich may lead to remote code execution.  The official advisory\n(mirrored at http://subversion.tigris.org/security/CVE-2009-2411-advisory.txt)\nfollows:\n\n\n  Subversion clients and servers up to 1.6.3 (inclusive) have heap\n  overflow issues in the parsing of binary deltas. \n\nSummary:\n========\n\n  Subversion clients and servers have multiple heap overflow issues in\n  the parsing of binary deltas.  This is related to an allocation\n  vulnerability in the APR library used by Subversion. \n\n  Clients with commit access to a vulnerable server can cause a remote\n  heap overflow; servers can cause a heap overflow on vulnerable\n  clients that try to do a checkout or update. \n\n  This can lead to a DoS (an exploit has been tested) and to arbitrary\n  code execution (no exploit tested, but the possibility is clear). \n\nKnown vulnerable:\n=================\n\n  Subversion clients and servers \u003c= 1.5.6. \n  Subversion clients and servers 1.6.0 through 1.6.3 (inclusive). \n\nKnown fixed:\n============\n\n  Subversion 1.6.4\n  Subversion 1.5.7\n\n  (Search for \"Patch\" below to see the patches from 1.6.3 -\u003e 1.6.4 and\n   1.5.6 -\u003e 1.5.7.  Search for \"Recommendations\" to get URLs for the\n   1.6.4 release and associated APR library patch.)\n\nDetails:\n========\n\n  The libsvn_delta library does not contain sufficient input validation\n  of svndiff streams.  If a stream with large windows is processed,\n  one of several integer overflows may lead to some boundary checks\n  incorrectly passing, which in turn can lead to a heap overflow. \n\nSeverity:\n=========\n\n  A remote attacker with commit access to repository may be able to\n  execute code on a Subversion server.  A malicious server may be able to\n  execute code on a Subversion client. \n\nRecommendations:\n================\n\n  We recommend all users to upgrade to Subversion 1.6.4. \n\n  We recommend all users to upgrade to the latest versions of APR and\n  APR-UTIL, or apply the CVE-2009-2412 patch appropriate to their APR\n  installation from \u003chttp://www.apache.org/dist/apr/patches/\u003e. \n\n  New Subversion packages can be found at:\n  http://subversion.tigris.org/project_packages.html\n\nReferences:\n===========\n\n  CVE-2009-2411  (Subversion)\n  CVE-2009-2412  (APR)\n\nReported by:\n============\n\n  Matt Lewis, Google. \n\nPatches:\n========\n\n  This patch applies to Subversion 1.6.x (apply with patch -p0 \u003c patchfile):\n\n[[[\nIndex: subversion/libsvn_delta/svndiff.c\n===================================================================\n--- subversion/libsvn_delta/svndiff.c (revision 38519)\n+++ subversion/libsvn_delta/svndiff.c (working copy)\n@@ -60,10 +60,23 @@ struct encoder_baton {\n   apr_pool_t *pool;\n };\n\n+/* This is at least as big as the largest size of an integer that\n+   encode_int can generate; it is sufficient for creating buffers for\n+   it to write into.  This assumes that integers are at most 64 bits,\n+   and so 10 bytes (with 7 bits of information each) are sufficient to\n+   represent them. */\n+#define MAX_ENCODED_INT_LEN 10\n+/* This is at least as big as the largest size for a single instruction. */\n+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)\n+/* This is at least as big as the largest possible instructions\n+   section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE\n+   1-byte copy-from-source instructions (though this is very unlikely). */\n+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)\n\n /* Encode VAL into the buffer P using the variable-length svndiff\n    integer format.  Return the incremented value of P after the\n-   encoded bytes have been written. \n+   encoded bytes have been written.  P must point to a buffer of size\n+   at least MAX_ENCODED_INT_LEN. \n\n    This encoding uses the high bit of each byte as a continuation bit\n    and the other seven bits as data bits.  High-order data bits are\n@@ -85,7 +98,7 @@ encode_int(char *p, svn_filesize_t val)\n   svn_filesize_t v;\n   unsigned char cont;\n\n-  assert(val \u003e= 0);\n+  SVN_ERR_ASSERT_NO_RETURN(val \u003e= 0);\n\n   /* Figure out how many bytes we\u0027ll need.  */\n   v = val \u003e\u003e 7;\n@@ -96,6 +109,8 @@ encode_int(char *p, svn_filesize_t val)\n       n++;\n     }\n\n+  SVN_ERR_ASSERT_NO_RETURN(n \u003c= MAX_ENCODED_INT_LEN);\n+\n   /* Encode the remaining bytes; n is always the number of bytes\n      coming after the one we\u0027re encoding.  */\n   while (--n \u003e= 0)\n@@ -112,7 +127,7 @@ encode_int(char *p, svn_filesize_t val)\n static void\n append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val)\n {\n-  char buf[128], *p;\n+  char buf[MAX_ENCODED_INT_LEN], *p;\n\n   p = encode_int(buf, val);\n   svn_stringbuf_appendbytes(header, buf, p - buf);\n@@ -168,7 +183,7 @@ window_handler(svn_txdelta_window_t *window, void\n   svn_stringbuf_t *i1 = svn_stringbuf_create(\"\", pool);\n   svn_stringbuf_t *header = svn_stringbuf_create(\"\", pool);\n   const svn_string_t *newdata;\n-  char ibuf[128], *ip;\n+  char ibuf[MAX_INSTRUCTION_LEN], *ip;\n   const svn_txdelta_op_t *op;\n   apr_size_t len;\n\n@@ -346,6 +361,8 @@ decode_file_offset(svn_filesize_t *val,\n                    const unsigned char *p,\n                    const unsigned char *end)\n {\n+  if (p + MAX_ENCODED_INT_LEN \u003c end)\n+    end = p + MAX_ENCODED_INT_LEN;\n   /* Decode bytes until we\u0027re done.  */\n   *val = 0;\n   while (p \u003c end)\n@@ -365,6 +382,8 @@ decode_size(apr_size_t *val,\n             const unsigned char *p,\n             const unsigned char *end)\n {\n+  if (p + MAX_ENCODED_INT_LEN \u003c end)\n+    end = p + MAX_ENCODED_INT_LEN;\n   /* Decode bytes until we\u0027re done.  */\n   *val = 0;\n   while (p \u003c end)\n@@ -382,7 +401,7 @@ decode_size(apr_size_t *val,\n    data is not compressed.  */\n\n static svn_error_t *\n-zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out)\n+zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit)\n {\n   apr_size_t len;\n   char *oldplace = in-\u003edata;\n@@ -390,6 +409,13 @@ static svn_error_t *\n   /* First thing in the string is the original length.  */\n   in-\u003edata = (char *)decode_size(\u0026len, (unsigned char *)in-\u003edata,\n                                  (unsigned char *)in-\u003edata+in-\u003elen);\n+  if (in-\u003edata == NULL)\n+    return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+                            _(\"Decompression of svndiff data failed:\nno size\"));\n+  if (len \u003e limit)\n+    return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+                            _(\"Decompression of svndiff data failed: \"\n+                              \"size too large\"));\n   /* We need to subtract the size of the encoded original length off the\n    *      still remaining input length.  */\n   in-\u003elen -= (in-\u003edata - oldplace);\n@@ -487,10 +513,10 @@ count_and_verify_instructions(int *ninst,\n         return svn_error_createf\n           (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n            _(\"Invalid diff stream: insn %d cannot be decoded\"), n);\n-      else if (op.length \u003c= 0)\n+      else if (op.length == 0)\n         return svn_error_createf\n           (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n-           _(\"Invalid diff stream: insn %d has non-positive length\"), n);\n+           _(\"Invalid diff stream: insn %d has length zero\"), n);\n       else if (op.length \u003e tview_len - tpos)\n         return svn_error_createf\n           (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n@@ -499,7 +525,8 @@ count_and_verify_instructions(int *ninst,\n       switch (op.action_code)\n         {\n         case svn_txdelta_source:\n-          if (op.length \u003e sview_len - op.offset)\n+          if (op.length \u003e sview_len - op.offset ||\n+              op.offset \u003e sview_len)\n             return svn_error_createf\n               (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n                _(\"Invalid diff stream: \"\n@@ -565,11 +592,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi\n\n       instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);\n       instout = svn_stringbuf_create(\"\", pool);\n-      SVN_ERR(zlib_decode(instin, instout));\n+      SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));\n\n       ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool);\n       ndout = svn_stringbuf_create(\"\", pool);\n-      SVN_ERR(zlib_decode(ndin, ndout));\n+      SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));\n\n       newlen = ndout-\u003elen;\n       data = (unsigned char *)instout-\u003edata;\n@@ -685,6 +712,14 @@ write_handler(void *baton,\n       if (p == NULL)\n         return SVN_NO_ERROR;\n\n+      if (tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+          sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+          /* for svndiff1, newlen includes the original length */\n+          newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+          inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+        return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+                                _(\"Svndiff contains a too-large window\"));\n+\n       /* Check for integer overflow.  */\n       if (sview_offset \u003c 0 || inslen + newlen \u003c inslen\n           || sview_len + tview_len \u003c sview_len\n@@ -841,6 +876,14 @@ read_window_header(svn_stream_t *stream, svn_files\n   SVN_ERR(read_one_size(inslen, stream));\n   SVN_ERR(read_one_size(newlen, stream));\n\n+  if (*tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+      *sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+      /* for svndiff1, newlen includes the original length */\n+      *newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+      *inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+    return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+                            _(\"Svndiff contains a too-large window\"));\n+\n   /* Check for integer overflow.  */\n   if (*sview_offset \u003c 0 || *inslen + *newlen \u003c *inslen\n       || *sview_len + *tview_len \u003c *sview_len\nIndex: subversion/libsvn_delta/text_delta.c\n===================================================================\n--- subversion/libsvn_delta/text_delta.c  (revision 38519)\n+++ subversion/libsvn_delta/text_delta.c  (working copy)\n@@ -548,7 +548,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler\n /* Functions for applying deltas.  */\n\n /* Ensure that BUF has enough space for VIEW_LEN bytes.  */\n-static APR_INLINE void\n+static APR_INLINE svn_error_t *\n size_buffer(char **buf, apr_size_t *buf_size,\n             apr_size_t view_len, apr_pool_t *pool)\n {\n@@ -557,8 +557,11 @@ size_buffer(char **buf, apr_size_t *buf_size,\n       *buf_size *= 2;\n       if (*buf_size \u003c view_len)\n         *buf_size = view_len;\n+      SVN_ERR_ASSERT(APR_ALIGN_DEFAULT(*buf_size) \u003e= *buf_size);\n       *buf = apr_palloc(pool, *buf_size);\n     }\n+\n+  return SVN_NO_ERROR;\n }\n\n\n@@ -659,7 +662,7 @@ apply_window(svn_txdelta_window_t *window, void *b\n                          \u003e= ab-\u003esbuf_offset + ab-\u003esbuf_len)));\n\n   /* Make sure there\u0027s enough room in the target buffer.  */\n-  size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool);\n+  SVN_ERR(size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool));\n\n   /* Prepare the source buffer for reading from the input stream.  */\n   if (window-\u003esview_offset != ab-\u003esbuf_offset\n@@ -668,7 +671,8 @@ apply_window(svn_txdelta_window_t *window, void *b\n       char *old_sbuf = ab-\u003esbuf;\n\n       /* Make sure there\u0027s enough room.  */\n-      size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len, ab-\u003epool);\n+      SVN_ERR(size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len,\n+              ab-\u003epool));\n\n       /* If the existing view overlaps with the new view, copy the\n        * overlap to the beginning of the new buffer.  */\n]]]\n\n\n  This patch applies to Subversion 1.5.x:\n\n[[[\nIndex: subversion/libsvn_delta/svndiff.c\n===================================================================\n--- subversion/libsvn_delta/svndiff.c (revision 38498)\n+++ subversion/libsvn_delta/svndiff.c (working copy)\n@@ -55,10 +55,23 @@ struct encoder_baton {\n   apr_pool_t *pool;\n };\n\n+/* This is at least as big as the largest size of an integer that\n+   encode_int can generate; it is sufficient for creating buffers for\n+   it to write into.  This assumes that integers are at most 64 bits,\n+   and so 10 bytes (with 7 bits of information each) are sufficient to\n+   represent them. */\n+#define MAX_ENCODED_INT_LEN 10\n+/* This is at least as big as the largest size for a single instruction. */\n+#define MAX_INSTRUCTION_LEN (2*MAX_ENCODED_INT_LEN+1)\n+/* This is at least as big as the largest possible instructions\n+   section: in theory, the instructions could be SVN_DELTA_WINDOW_SIZE\n+   1-byte copy-from-source instructions (though this is very unlikely). */\n+#define MAX_INSTRUCTION_SECTION_LEN (SVN_DELTA_WINDOW_SIZE*MAX_INSTRUCTION_LEN)\n\n /* Encode VAL into the buffer P using the variable-length svndiff\n    integer format.  Return the incremented value of P after the\n-   encoded bytes have been written. \n+   encoded bytes have been written.  P must point to a buffer of size\n+   at least MAX_ENCODED_INT_LEN. \n\n    This encoding uses the high bit of each byte as a continuation bit\n    and the other seven bits as data bits.  High-order data bits are\n@@ -91,6 +104,8 @@ encode_int(char *p, svn_filesize_t val)\n       n++;\n     }\n\n+  assert(n \u003c= MAX_ENCODED_INT_LEN);\n+\n   /* Encode the remaining bytes; n is always the number of bytes\n      coming after the one we\u0027re encoding.  */\n   while (--n \u003e= 0)\n@@ -107,7 +122,7 @@ encode_int(char *p, svn_filesize_t val)\n static void\n append_encoded_int(svn_stringbuf_t *header, svn_filesize_t val)\n {\n-  char buf[128], *p;\n+  char buf[MAX_ENCODED_INT_LEN], *p;\n\n   p = encode_int(buf, val);\n   svn_stringbuf_appendbytes(header, buf, p - buf);\n@@ -163,7 +178,7 @@ window_handler(svn_txdelta_window_t *window, void\n   svn_stringbuf_t *i1 = svn_stringbuf_create(\"\", pool);\n   svn_stringbuf_t *header = svn_stringbuf_create(\"\", pool);\n   const svn_string_t *newdata;\n-  char ibuf[128], *ip;\n+  char ibuf[MAX_INSTRUCTION_LEN], *ip;\n   const svn_txdelta_op_t *op;\n   apr_size_t len;\n\n@@ -341,6 +356,8 @@ decode_file_offset(svn_filesize_t *val,\n                    const unsigned char *p,\n                    const unsigned char *end)\n {\n+  if (p + MAX_ENCODED_INT_LEN \u003c end)\n+    end = p + MAX_ENCODED_INT_LEN;\n   /* Decode bytes until we\u0027re done.  */\n   *val = 0;\n   while (p \u003c end)\n@@ -360,6 +377,8 @@ decode_size(apr_size_t *val,\n             const unsigned char *p,\n             const unsigned char *end)\n {\n+  if (p + MAX_ENCODED_INT_LEN \u003c end)\n+    end = p + MAX_ENCODED_INT_LEN;\n   /* Decode bytes until we\u0027re done.  */\n   *val = 0;\n   while (p \u003c end)\n@@ -377,7 +396,7 @@ decode_size(apr_size_t *val,\n    data is not compressed.  */\n\n static svn_error_t *\n-zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out)\n+zlib_decode(svn_stringbuf_t *in, svn_stringbuf_t *out, apr_size_t limit)\n {\n   apr_size_t len;\n   char *oldplace = in-\u003edata;\n@@ -385,6 +404,13 @@ static svn_error_t *\n   /* First thing in the string is the original length.  */\n   in-\u003edata = (char *)decode_size(\u0026len, (unsigned char *)in-\u003edata,\n                                  (unsigned char *)in-\u003edata+in-\u003elen);\n+  if (in-\u003edata == NULL)\n+    return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+                            _(\"Decompression of svndiff data failed:\nno size\"));\n+  if (len \u003e limit)\n+    return svn_error_create(SVN_ERR_SVNDIFF_INVALID_COMPRESSED_DATA, NULL,\n+                            _(\"Decompression of svndiff data failed: \"\n+                              \"size too large\"));\n   /* We need to subtract the size of the encoded original length off the\n    *      still remaining input length.  */\n   in-\u003elen -= (in-\u003edata - oldplace);\n@@ -482,10 +508,10 @@ count_and_verify_instructions(int *ninst,\n         return svn_error_createf\n           (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n            _(\"Invalid diff stream: insn %d cannot be decoded\"), n);\n-      else if (op.length \u003c= 0)\n+      else if (op.length == 0)\n         return svn_error_createf\n           (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n-           _(\"Invalid diff stream: insn %d has non-positive length\"), n);\n+           _(\"Invalid diff stream: insn %d has length zero\"), n);\n       else if (op.length \u003e tview_len - tpos)\n         return svn_error_createf\n           (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n@@ -494,7 +520,8 @@ count_and_verify_instructions(int *ninst,\n       switch (op.action_code)\n         {\n         case svn_txdelta_source:\n-          if (op.length \u003e sview_len - op.offset)\n+          if (op.length \u003e sview_len - op.offset ||\n+              op.offset \u003e sview_len)\n             return svn_error_createf\n               (SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n                _(\"Invalid diff stream: \"\n@@ -560,11 +587,11 @@ decode_window(svn_txdelta_window_t *window, svn_fi\n\n       instin = svn_stringbuf_ncreate((const char *)data, insend - data, pool);\n       instout = svn_stringbuf_create(\"\", pool);\n-      SVN_ERR(zlib_decode(instin, instout));\n+      SVN_ERR(zlib_decode(instin, instout, MAX_INSTRUCTION_SECTION_LEN));\n\n       ndin = svn_stringbuf_ncreate((const char *)insend, newlen, pool);\n       ndout = svn_stringbuf_create(\"\", pool);\n-      SVN_ERR(zlib_decode(ndin, ndout));\n+      SVN_ERR(zlib_decode(ndin, ndout, SVN_DELTA_WINDOW_SIZE));\n\n       newlen = ndout-\u003elen;\n       data = (unsigned char *)instout-\u003edata;\n@@ -680,6 +707,14 @@ write_handler(void *baton,\n       if (p == NULL)\n         return SVN_NO_ERROR;\n\n+      if (tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+          sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+          /* for svndiff1, newlen includes the original length */\n+          newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+          inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+        return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+                                _(\"Svndiff contains a too-large window\"));\n+\n       /* Check for integer overflow.  */\n       if (sview_offset \u003c 0 || inslen + newlen \u003c inslen\n           || sview_len + tview_len \u003c sview_len\n@@ -836,6 +871,14 @@ read_window_header(svn_stream_t *stream, svn_files\n   SVN_ERR(read_one_size(inslen, stream));\n   SVN_ERR(read_one_size(newlen, stream));\n\n+  if (*tview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+      *sview_len \u003e SVN_DELTA_WINDOW_SIZE ||\n+      /* for svndiff1, newlen includes the original length */\n+      *newlen \u003e SVN_DELTA_WINDOW_SIZE + MAX_ENCODED_INT_LEN ||\n+      *inslen \u003e MAX_INSTRUCTION_SECTION_LEN)\n+    return svn_error_create(SVN_ERR_SVNDIFF_CORRUPT_WINDOW, NULL,\n+                            _(\"Svndiff contains a too-large window\"));\n+\n   /* Check for integer overflow.  */\n   if (*sview_offset \u003c 0 || *inslen + *newlen \u003c *inslen\n       || *sview_len + *tview_len \u003c *sview_len\nIndex: subversion/libsvn_delta/text_delta.c\n===================================================================\n--- subversion/libsvn_delta/text_delta.c  (revision 38498)\n+++ subversion/libsvn_delta/text_delta.c  (working copy)\n@@ -498,7 +498,7 @@ svn_txdelta_target_push(svn_txdelta_window_handler\n /* Functions for applying deltas.  */\n\n /* Ensure that BUF has enough space for VIEW_LEN bytes.  */\n-static APR_INLINE void\n+static APR_INLINE svn_error_t *\n size_buffer(char **buf, apr_size_t *buf_size,\n             apr_size_t view_len, apr_pool_t *pool)\n {\n@@ -507,8 +507,13 @@ size_buffer(char **buf, apr_size_t *buf_size,\n       *buf_size *= 2;\n       if (*buf_size \u003c view_len)\n         *buf_size = view_len;\n+      if (APR_ALIGN_DEFAULT(*buf_size) \u003c *buf_size)\n+        return svn_error_create(SVN_ERR_SVNDIFF_INVALID_OPS, NULL,\n+                                \"Diff stream resulted in invalid\nbuffer size.\");\n       *buf = apr_palloc(pool, *buf_size);\n     }\n+\n+  return SVN_NO_ERROR;\n }\n\n\n@@ -609,7 +614,7 @@ apply_window(svn_txdelta_window_t *window, void *b\n                  \u003e= ab-\u003esbuf_offset + ab-\u003esbuf_len)));\n\n   /* Make sure there\u0027s enough room in the target buffer.  */\n-  size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool);\n+  SVN_ERR(size_buffer(\u0026ab-\u003etbuf, \u0026ab-\u003etbuf_size, window-\u003etview_len, ab-\u003epool));\n\n   /* Prepare the source buffer for reading from the input stream.  */\n   if (window-\u003esview_offset != ab-\u003esbuf_offset\n@@ -618,7 +623,8 @@ apply_window(svn_txdelta_window_t *window, void *b\n       char *old_sbuf = ab-\u003esbuf;\n\n       /* Make sure there\u0027s enough room.  */\n-      size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len, ab-\u003epool);\n+      SVN_ERR(size_buffer(\u0026ab-\u003esbuf, \u0026ab-\u003esbuf_size, window-\u003esview_len,\n+              ab-\u003epool));\n\n       /* If the existing view overlaps with the new view, copy the\n        * overlap to the beginning of the new buffer.  */\n]]]\n. The Apache Portable Runtime\nUtility Library (aka APR-Util) provides an interface to functionality\nsuch as XML parsing, string matching and databases connections. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package            /  Vulnerable  /                    Unaffected\n    -------------------------------------------------------------------\n  1  dev-libs/apr            \u003c 1.3.8                          \u003e= 1.3.8\n  2  dev-libs/apr-util       \u003c 1.3.9                          \u003e= 1.3.9\n    -------------------------------------------------------------------\n     2 affected packages on all of their supported architectures. \n    -------------------------------------------------------------------\n\nDescription\n===========\n\nMatt Lewis reported multiple Integer overflows in the apr_rmm_malloc(),\napr_rmm_calloc(), and apr_rmm_realloc() functions in misc/apr_rmm.c of\nAPR-Util and in memory/unix/apr_pools.c of APR, both occurring when\naligning memory blocks. \n\nImpact\n======\n\nA remote attacker could entice a user to connect to a malicious server\nwith software that uses the APR or act as a malicious client to a\nserver that uses the APR (such as Subversion or Apache servers),\npossibly resulting in the execution of arbitrary code with the\nprivileges of the user running the application. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Apache Portable Runtime users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =dev-libs/apr-1.3.8\n\nAll APR Utility Library users should upgrade to the latest version:\n\n    # emerge --sync\n    # emerge --ask --oneshot --verbose =dev-libs/apr-util-1.3.9\n\nReferences\n==========\n\n  [ 1 ] CVE-2009-2412\n        http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2412\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n  http://security.gentoo.org/glsa/glsa-200909-03.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2009 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ===========================================================\nUbuntu Security Notice USN-813-2            August 08, 2009\napache2 vulnerability\nCVE-2009-2412\n===========================================================\n\nA security issue affects the following Ubuntu releases:\n\nUbuntu 6.06 LTS\n\nThis advisory also applies to the corresponding versions of\nKubuntu, Edubuntu, and Xubuntu. \n\nThe problem can be corrected by upgrading your system to the\nfollowing package versions:\n\nUbuntu 6.06 LTS:\n  libapr0                         2.0.55-4ubuntu2.7\n\nAfter a standard system upgrade you need to restart any applications using\napr, such as Subversion and Apache, to effect the necessary changes. \n\nDetails follow:\n\nUSN-813-1 fixed vulnerabilities in apr. This update provides the\ncorresponding updates for apr as provided by Apache on Ubuntu 6.06 LTS. \n\n\nUpdated packages for Ubuntu 6.06 LTS:\n\n  Source archives:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz\n      Size/MD5:   126010 68da83341313e1b166fe345138d1eaa5\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc\n      Size/MD5:     1156 0b17c48d0880ab82c769c41d1aff7002\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz\n      Size/MD5:  6092031 45e32c9432a8e3cf4227f5af91b03622\n\n  Architecture independent packages:\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb\n      Size/MD5:  2125530 9356b79c2b1591ffec1a6cd1974f82fd\n\n  amd64 architecture (Athlon64, Opteron, EM64T Xeon):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   833902 08b8aaf66aa52e6fd9dbed1647bb5dd2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   229124 400d32297652e4976456cb7b367cc435\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   224122 07be7749fd618703c9f093efeb5e6fad\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   228700 9c79315063121eb7017cd99c6bb4667c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   172244 e15a994901f09e6e8294d656b8a8254c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   173028 985f0a987b0e5e17b24fdd6f8475781a\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:    95066 2b836251f30a5c3d0cb24c2775a9b997\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:    37096 2756f162320b3b183c7447dad130cff9\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   286664 f46d70c05cba04ceaba7d62afe5ac5be\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb\n      Size/MD5:   145234 e1c285b96d1ee5e8a66d01eadcc289c6\n\n  i386 architecture (x86 compatible Intel/AMD):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   787150 ab3e75481087dc0148ca3ccc450a1ab1\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   203722 e10938af36f0e1802fbd3b0946ae6e3c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   199634 7ee8d5ba9679c8c7dd78c95b5fb74046\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   203146 5456087e20afd24d2a27d648fafeb135\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   172228 98a58d9526a667a05573e9b26fcfd45b\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   173020 1db636c0e79b0ea3c405da958c35c932\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:    92998 737aee7a7026d4d9b33a0f71b44e0b19\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:    37098 15db8827569af434025942a84e77b381\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   262652 93f2171d69072153264cab51860f781c\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb\n      Size/MD5:   133118 cac6f1c804a1e34bf4250be4d8670862\n\n  powerpc architecture (Apple Macintosh G3/G4/G5):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   859954 558399d0c5fb22cee0cdc1b20d4d7586\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   221090 94c5789d3d06b3553d883eca45ab06b7\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   216702 68edfa60eb9de377b20be68e10bd879a\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   220634 8f103f83772eb2e52cd38bb0fb1efbec\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   172234 559b5683e44f424324d43b09f42c63f6\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   173014 7c05a2f5fe626036ebaa271cece0cd09\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   104772 63a31e0f30472ebc19a79744b1b1fe03\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:    37098 c00f5d32432f97ac992652ac1bbb7259\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   282244 1a2c7d7038b335ae2ab6ff68d06a380f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb\n      Size/MD5:   142328 169a4ce5fc42eb789c76f46acb07aa00\n\n  sparc architecture (Sun SPARC/UltraSPARC):\n\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   804250 3a780a65322c539717e93a64792acc16\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   211276 e1f45226511664f1759a6ad75aff6155\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   206948 19e2792273d8a4935ef6fcc6ee369326\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   210556 e62136b10dca8c665defa2cc54640e64\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   172232 6e2213cb4b6a5dec1506fe01ce5cc028\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   173010 9603ee752f034d04fd349db168fbe2f2\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:    94084 c6f6315ff2e1865f409ae49d54e3a233\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:    37102 fdb3a44756f9d6e8d36c1b2558420d57\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   268648 03fbe81b3cc1f0ac17961fc5c58a3f5f\n    http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb\n      Size/MD5:   131056 8707670bfb577280d9b5d0689c51608c\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "BID",
        "id": "35949"
      },
      {
        "db": "PACKETSTORM",
        "id": "80092"
      },
      {
        "db": "PACKETSTORM",
        "id": "80246"
      },
      {
        "db": "PACKETSTORM",
        "id": "80232"
      },
      {
        "db": "PACKETSTORM",
        "id": "81085"
      },
      {
        "db": "PACKETSTORM",
        "id": "80227"
      },
      {
        "db": "PACKETSTORM",
        "id": "80226"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2009-2412",
        "trust": 3.3
      },
      {
        "db": "BID",
        "id": "35949",
        "trust": 2.7
      },
      {
        "db": "OSVDB",
        "id": "56765",
        "trust": 2.4
      },
      {
        "db": "OSVDB",
        "id": "56766",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "36138",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "36140",
        "trust": 2.4
      },
      {
        "db": "SECUNIA",
        "id": "37152",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "37221",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "36233",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "36166",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2009-3184",
        "trust": 1.6
      },
      {
        "db": "VUPEN",
        "id": "ADV-2010-1107",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "80092",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "80246",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "80232",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "81085",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "80227",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "80226",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "PACKETSTORM",
        "id": "80092"
      },
      {
        "db": "PACKETSTORM",
        "id": "80246"
      },
      {
        "db": "PACKETSTORM",
        "id": "80232"
      },
      {
        "db": "PACKETSTORM",
        "id": "81085"
      },
      {
        "db": "PACKETSTORM",
        "id": "80227"
      },
      {
        "db": "PACKETSTORM",
        "id": "80226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "id": "VAR-200908-0708",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.16451614
  },
  "last_update_date": "2024-07-23T20:50:52.900000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Fixed in Apache httpd 2.0.64",
        "trust": 0.8,
        "url": "http://httpd.apache.org/security/vulnerabilities_20.html#2.0.64"
      },
      {
        "title": "Apache 2.2.13 Released",
        "trust": 0.8,
        "url": "http://httpd.apache.org/#2.2.13"
      },
      {
        "title": "1.3.x/CHANGES",
        "trust": 0.8,
        "url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/changes?revision=800735\u0026view=markup"
      },
      {
        "title": "0.9.x/CHANGES",
        "trust": 0.8,
        "url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/changes?revision=800736\u0026view=markup"
      },
      {
        "title": "HT3937",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3937"
      },
      {
        "title": "HT3937",
        "trust": 0.8,
        "url": "http://support.apple.com/kb/ht3937?viewlocale=ja_jp"
      },
      {
        "title": "apr-1.2.7-11AXS3.1",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=730"
      },
      {
        "title": "apr-util-1.2.7-7AXS3.2",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=731"
      },
      {
        "title": "7008517",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=177\u0026uid=swg27008517#61029"
      },
      {
        "title": "7014506",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014506#7007"
      },
      {
        "title": "7014463",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27014463#7007"
      },
      {
        "title": "7007033",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27007033#60239"
      },
      {
        "title": "7006876",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg27006876##60239"
      },
      {
        "title": "PM10658",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
      },
      {
        "title": "7007951",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?rs=180\u0026uid=swg27007951#61029"
      },
      {
        "title": "PK93225",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk93225\u0026loc=en_us"
      },
      {
        "title": "1761",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1761"
      },
      {
        "title": "1768",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1768"
      },
      {
        "title": "1769",
        "trust": 0.8,
        "url": "http://www.miraclelinux.com/support/index.php?q=node/99\u0026errata_id=1769"
      },
      {
        "title": "RHSA-2009:1204",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2009-1204.html"
      },
      {
        "title": "RHSA-2009:1205",
        "trust": 0.8,
        "url": "https://rhn.redhat.com/errata/rhsa-2009-1205.html"
      },
      {
        "title": "cve_2010_0740_record_of",
        "trust": 0.8,
        "url": "http://blogs.oracle.com/sunsecurity/entry/cve_2010_0740_record_of"
      },
      {
        "title": "readme_imss71_lin_criticalpatch_b12531",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/71/readme_imss71_lin_criticalpatch_b12531.txt"
      },
      {
        "title": "readme_imss70_lin_criticalpatch_b33791",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/lin/70/readme_imss70_lin_criticalpatch_b33791.txt"
      },
      {
        "title": "readme_imss70_sol_criticalpatch_b81651",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/sol/70/readme_imss70_sol_criticalpatch_b81651.txt"
      },
      {
        "title": "readme_imss70_win_criticalpatch_b63681",
        "trust": 0.8,
        "url": "http://www.trendmicro.com/ftp/jp/ucmodule/imss/win/70/readme_imss70_win_criticalpatch_b63681.txt"
      },
      {
        "title": "TLSA-2010-30",
        "trust": 0.8,
        "url": "http://www.turbolinux.co.jp/security/2010/tlsa-2010-30j.txt"
      },
      {
        "title": "JP-2076110",
        "trust": 0.8,
        "url": "http://esupport.trendmicro.co.jp/pages/jp-2076110.aspx"
      },
      {
        "title": "RHSA-2009:1205",
        "trust": 0.8,
        "url": "https://www.jp.redhat.com/support/errata/rhsa/rhsa-2009-1205j.html"
      },
      {
        "title": "RHSA-2009:1204",
        "trust": 0.8,
        "url": "https://www.jp.redhat.com/support/errata/rhsa/rhsa-2009-1204j.html"
      },
      {
        "title": "interstage_as_201103",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201103.html"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://osvdb.org/56766"
      },
      {
        "trust": 2.4,
        "url": "http://osvdb.org/56765"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/36140"
      },
      {
        "trust": 2.4,
        "url": "http://secunia.com/advisories/36138"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/35949"
      },
      {
        "trust": 1.9,
        "url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/changes?revision=800736\u0026view=markup"
      },
      {
        "trust": 1.9,
        "url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/changes?revision=800735\u0026view=markup"
      },
      {
        "trust": 1.9,
        "url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/changes?revision=800733\u0026view=markup"
      },
      {
        "trust": 1.9,
        "url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/changes?revision=800732\u0026view=markup"
      },
      {
        "trust": 1.9,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk93225"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc/apr/apr-util/branches/0.9.x/misc/apr_rmm.c?r1=230441\u0026r2=800736"
      },
      {
        "trust": 1.6,
        "url": "http://support.apple.com/kb/ht3937"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk99482"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/37152"
      },
      {
        "trust": 1.6,
        "url": "http://www.ubuntu.com/usn/usn-813-2"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/37221"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc/apr/apr/branches/0.9.x/memory/unix/apr_pools.c?r1=585356\u0026r2=800733"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a9958"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc/apr/apr-util/branches/1.3.x/misc/apr_rmm.c?r1=647687\u0026r2=800735"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/36166"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2009/3184"
      },
      {
        "trust": 1.6,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00353.html"
      },
      {
        "trust": 1.6,
        "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a8394"
      },
      {
        "trust": 1.6,
        "url": "http://www.vupen.com/english/advisories/2010/1107"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/36233"
      },
      {
        "trust": 1.6,
        "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2009:195"
      },
      {
        "trust": 1.6,
        "url": "http://lists.apple.com/archives/security-announce/2009/nov/msg00000.html"
      },
      {
        "trust": 1.6,
        "url": "http://lists.opensuse.org/opensuse-security-announce/2009-10/msg00006.html"
      },
      {
        "trust": 1.6,
        "url": "http://svn.apache.org/viewvc/apr/apr/branches/1.3.x/memory/unix/apr_pools.c?r1=678140\u0026r2=800732"
      },
      {
        "trust": 1.6,
        "url": "https://www.redhat.com/archives/fedora-package-announce/2009-august/msg00320.html"
      },
      {
        "trust": 1.0,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-2412"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 1.0,
        "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-2412"
      },
      {
        "trust": 0.6,
        "url": "http://blogs.sun.com/security/entry/cve_2010_0740_record_of"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2412"
      },
      {
        "trust": 0.6,
        "url": "httpd.apache.org%3e"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2009:1204"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2009:1205"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/security/cve/cve-2009-2412"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2009:1462"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=515698"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://access.redhat.com/errata/rhsa-2010:0602"
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d@%3ccvs."
      },
      {
        "trust": 0.6,
        "url": "https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3ccvs."
      },
      {
        "trust": 0.3,
        "url": "http://www.mail-archive.com/dev@httpd.apache.org/msg44737.html"
      },
      {
        "trust": 0.3,
        "url": "http://apr.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "http://www.apache.org/dist/httpd/changes_2.2.13"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pk96157"
      },
      {
        "trust": 0.3,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1pm10658"
      },
      {
        "trust": 0.3,
        "url": "http://www.fujitsu.com/global/support/software/security/products-f/interstage-201103e.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2009-1204.html"
      },
      {
        "trust": 0.3,
        "url": "http://rhn.redhat.com/errata/rhsa-2009-1462.html"
      },
      {
        "trust": 0.3,
        "url": "https://kb.bluecoat.com/index?page=content\u0026id=sa61\u0026actp=list"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/"
      },
      {
        "trust": 0.1,
        "url": "http://www.mandriva.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7-9.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.12-5+lenny1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/apr_1.2.7.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.12+dfsg-8+lenny4.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_arm.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.7+dfsg-2+etch3_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.12-5+lenny1_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.7+dfsg-2+etch3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_hppa.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dev_1.2.12+dfsg-8+lenny4_ia64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.12-5+lenny1_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1_1.2.7-9_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_mipsel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.12-5+lenny1_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://packages.debian.org/\u003cpkg\u003e"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dbg_1.2.7-9_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.12+dfsg-8+lenny4_mips.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1-dbg_1.2.7+dfsg-2+etch3_s390.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/apr-util_1.2.7+dfsg-2+etch3.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr/libapr1-dev_1.2.7-9_alpha.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.debian.org/pool/updates/main/a/apr-util/libaprutil1_1.2.12+dfsg-8+lenny4_armel.deb"
      },
      {
        "trust": 0.1,
        "url": "http://www.apache.org/dist/apr/patches/\u003e."
      },
      {
        "trust": 0.1,
        "url": "http://subversion.tigris.org/project_packages.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-2411"
      },
      {
        "trust": 0.1,
        "url": "http://subversion.tigris.org/security/cve-2009-2411-advisory.txt)"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "http://security.gentoo.org/glsa/glsa-200909-03.xml"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-doc_2.0.55-4ubuntu2.7_all.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-perchild_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-worker_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0_2.0.55-4ubuntu2.7_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-common_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-prefork-dev_2.0.55-4ubuntu2.7_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-mpm-prefork_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-utils_2.0.55-4ubuntu2.7_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/libapr0-dev_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2_2.0.55.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apache2/apache2-threaded-dev_2.0.55-4ubuntu2.7_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11-1ubuntu0.1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.11.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.11-1ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.dsc"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dbg_1.2.12-4ubuntu0.1_lpia.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12.orig.tar.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-5ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-4ubuntu0.1.diff.gz"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-4ubuntu0.1_sparc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.11-1ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1_1.2.12-4ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.12-5ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://ports.ubuntu.com/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_powerpc.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_i386.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dbg_1.2.11-1ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/libapr1-dev_1.2.12-5ubuntu0.1_amd64.deb"
      },
      {
        "trust": 0.1,
        "url": "http://security.ubuntu.com/ubuntu/pool/main/a/apr/apr_1.2.12-5ubuntu0.1.dsc"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "35949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "PACKETSTORM",
        "id": "80092"
      },
      {
        "db": "PACKETSTORM",
        "id": "80246"
      },
      {
        "db": "PACKETSTORM",
        "id": "80232"
      },
      {
        "db": "PACKETSTORM",
        "id": "81085"
      },
      {
        "db": "PACKETSTORM",
        "id": "80227"
      },
      {
        "db": "PACKETSTORM",
        "id": "80226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "BID",
        "id": "35949"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "db": "PACKETSTORM",
        "id": "80092"
      },
      {
        "db": "PACKETSTORM",
        "id": "80246"
      },
      {
        "db": "PACKETSTORM",
        "id": "80232"
      },
      {
        "db": "PACKETSTORM",
        "id": "81085"
      },
      {
        "db": "PACKETSTORM",
        "id": "80227"
      },
      {
        "db": "PACKETSTORM",
        "id": "80226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2009-08-05T00:00:00",
        "db": "BID",
        "id": "35949"
      },
      {
        "date": "2009-09-17T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "date": "2009-08-06T17:50:34",
        "db": "PACKETSTORM",
        "id": "80092"
      },
      {
        "date": "2009-08-11T01:57:48",
        "db": "PACKETSTORM",
        "id": "80246"
      },
      {
        "date": "2009-08-11T01:34:56",
        "db": "PACKETSTORM",
        "id": "80232"
      },
      {
        "date": "2009-09-10T00:41:18",
        "db": "PACKETSTORM",
        "id": "81085"
      },
      {
        "date": "2009-08-11T01:24:32",
        "db": "PACKETSTORM",
        "id": "80227"
      },
      {
        "date": "2009-08-11T01:05:43",
        "db": "PACKETSTORM",
        "id": "80226"
      },
      {
        "date": "2009-08-06T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "date": "2009-08-06T15:30:00.280000",
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-04-13T21:40:00",
        "db": "BID",
        "id": "35949"
      },
      {
        "date": "2011-11-24T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      },
      {
        "date": "2023-04-28T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      },
      {
        "date": "2023-11-07T02:04:07.420000",
        "db": "NVD",
        "id": "CVE-2009-2412"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "81085"
      },
      {
        "db": "PACKETSTORM",
        "id": "80227"
      },
      {
        "db": "PACKETSTORM",
        "id": "80226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "APR Library and  APR-util Integer overflow vulnerability in the library",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2009-002016"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-200908-530"
      }
    ],
    "trust": 0.6
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.