Ubuntu Security Notice USN-813-1 – Matt Lewis discovered that apr did not properly sanitize its input when allocating memory. If an application using apr processed crafted input, a remote attacker could cause a denial of service or potentially execute arbitrary code as the user invoking the application.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/80226/USN-813-1.txt
Source: https://packetstormsecurity.com/files/80226/Ubuntu-Security-Notice-813-1.html