The problems will be fixed in 2.2.5 with commits
e0b290eb and
b4b89c2I have run into b4b89c2 and others on many 3rd-party modules so my VC versions less than 12 have custom headers in VC's include folder for stdbool, stdint, etc, depending on what's missing per VC version.
That said APR-util compiles in the static library so CVE-2017-11742 doesn't really exist for us I don't think.