Ronald Crane discovered that missing input saniting in the apr_base64
functions of apr-util, the Apache Portable Runtime utility library, may
result in denial of service or potentially the execution of arbitrary
For the stable distribution (bullseye), this problem has been fixed in
We recommend that you upgrade your apr-util packages.