Patchwork [1/1] libproxy: Fix for CVE-2012-4504

login
register
mail settings
Submitter yanjun.zhu
Date Nov. 30, 2012, 5:42 a.m.
Message ID <1354254131-28004-1-git-send-email-yanjun.zhu@windriver.com>
Download mbox | patch
Permalink /patch/39935/
State New
Headers show

Comments

yanjun.zhu - Nov. 30, 2012, 5:42 a.m.
From: "yanjun.zhu" <yanjun.zhu@windriver.com>

Reference:https://code.google.com/p/libproxy/source/detail?r=853

Stack-based buffer overflow in the url::get_pac function in url.cpp
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
unspecified impact via a large proxy.pac file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504

[YOCTO #3487]
Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
---
 .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch       | 10 ++++++++++
 1 file changed, 10 insertions(+)
yanjun.zhu - Nov. 30, 2012, 5:44 a.m.
Sorry. Please ignore this mail.

Thanks a lot.
Zhu Yanjun

On 11/30/2012 01:42 PM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>
> [YOCTO #3487]
> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> ---
>   .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch       | 10 ++++++++++
>   1 file changed, 10 insertions(+)
>
> diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> index 323a571..cc1d508 100644
> --- a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> @@ -1,3 +1,13 @@
> +Reference:https://code.google.com/p/libproxy/source/detail?r=853
> +
> +Stack-based buffer overflow in the url::get_pac function in url.cpp
> +in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> +unspecified impact via a large proxy.pac file.
> +
> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
> +
> +Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> +
>   diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
>   --- a/libproxy/url.cpp	2012-11-26 10:08:47.000000000 +0800
>   +++ b/libproxy/url.cpp	2012-11-26 10:05:54.000000000 +0800

Patch

diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
index 323a571..cc1d508 100644
--- a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
+++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
@@ -1,3 +1,13 @@ 
+Reference:https://code.google.com/p/libproxy/source/detail?r=853
+
+Stack-based buffer overflow in the url::get_pac function in url.cpp
+in libproxy 0.4.x before 0.4.9 allows remote servers to have an
+unspecified impact via a large proxy.pac file.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
+
+Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com> 
+
 diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
 --- a/libproxy/url.cpp	2012-11-26 10:08:47.000000000 +0800
 +++ b/libproxy/url.cpp	2012-11-26 10:05:54.000000000 +0800