-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  apr/apr-util (SSA:2011-133-01)

New apr and apr-util packages are available for Slackware 11.0, 12.0, 12.1,
12.2, 13.0, 13.1, 13.37, and -current to fix a security issue.


Here are the details from the Slackware 13.37 ChangeLog:
+--------------------------+
patches/packages/apr-1.4.4-i486-1_slack13.37.txz:  Upgraded.
  This fixes a possible denial of service due to an unconstrained, recursive
  invocation of apr_fnmatch().  This function has been reimplemented using a
  non-recursive algorithm.  Thanks to William Rowe.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0419
  (* Security fix *)
patches/packages/apr-util-1.3.11-i486-1_slack13.37.txz:  Upgraded.
+--------------------------+


Where to find the new packages:
+-----------------------------+

HINT:  Getting slow download speeds from ftp.slackware.com?
Give slackware.osuosl.org a try.  This is another primary FTP site
for Slackware that can be considerably faster than downloading
directly from ftp.slackware.com.

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating additional FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 11.0:

Updated package for Slackware 12.0:

Updated package for Slackware 12.1:

Updated package for Slackware 12.2:

Updated package for Slackware 13.0:

Updated package for Slackware x86_64 13.0:

Updated package for Slackware 13.1:

Updated package for Slackware 13.37:

Updated package for Slackware x86_64 13.1:

Updated package for Slackware x86_64 13.37:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 11.0 package:
0b18b21f2709e592f2d829323c8db2bd  apr-1.4.4-i486-1_slack11.0.tgz
6313ea5ec365a07c86eaaba2ae5a7696  apr-util-1.3.11-i486-1_slack11.0.tgz

Slackware 12.0 package:
b9b2c76b963a9dcba68c54172dbfd2e8  apr-1.4.4-i486-1_slack12.0.tgz
015ad6f362a378efd18f12cb9ecc7c9d  apr-util-1.3.11-i486-1_slack12.0.tgz

Slackware 12.1 package:
9e80da5d7f8f823a2ed9936b3cd0269b  apr-1.4.4-i486-1_slack12.1.tgz
00ab57f63b1c30c7cf6cfcea365badb1  apr-util-1.3.11-i486-1_slack12.1.tgz

Slackware 12.2 package:
aee097dbd39db150302d02f86d92609e  apr-1.4.4-i486-1_slack12.2.tgz
e61f61b8723bd06da8275e015ea03eac  apr-util-1.3.11-i486-1_slack12.2.tgz

Slackware 13.0 package:
023e7e77f01816d92a707546d570ec79  apr-1.4.4-i486-1_slack13.0.txz
e168ac8e42e201c7af87c3fd231ec95f  apr-util-1.3.11-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
7343a01be2f8a38118c75aa5133a7958  apr-1.4.4-x86_64-1_slack13.0.txz
458a11c15ed52db5b510c7d1aea065d5  apr-util-1.3.11-x86_64-1_slack13.0.txz

Slackware 13.1 package:
39a284a31204f0572d9e732df2e51c92  apr-1.4.4-i486-1_slack13.1.txz
fd264ef731d61afa627489dec1ed6d37  apr-util-1.3.11-i486-1_slack13.1.txz

Slackware 13.37 package:
2afbb475a8a0e4b5f48d42d2ba49a668  apr-1.4.4-i486-1_slack13.37.txz
a0e0f77943e718f26c448f7da7590406  apr-util-1.3.11-i486-1_slack13.37.txz

Slackware x86_64 13.1 package:
232289470e6486f08f7b9ee3755c055e  apr-1.4.4-x86_64-1_slack13.1.txz
777badbae85f141b55b370337967c55c  apr-util-1.3.11-x86_64-1_slack13.1.txz

Slackware x86_64 13.37 package:
9a2d329a4cdabb9369e9ed7e78cdffcf  apr-1.4.4-x86_64-1_slack13.37.txz
6ba07cc7e5cab3ac648d0012783fe455  apr-util-1.3.11-x86_64-1_slack13.37.txz

Slackware -current package:
4e010ab165a7504563f316db5b0e34ac  apr-1.4.4-i486-1.txz
7c4c1d8febf9e51a95b627e6631ea2b2  apr-util-1.3.11-i486-1.txz

Slackware x86_64 -current package:
5707d225f07da633c67773f6cc6d3fd6  apr-1.4.4-x86_64-1.txz
31d3ce32a2e964ab3128804077cdccd0  apr-util-1.3.11-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the packages as root:
# upgradepkg apr-1.4.4-i486-1_slack13.37.txz apr-util-1.3.11-i486-1_slack13.37.txz


+-----+