From patchwork Fri Nov 30 05:42:11 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [1/1] libproxy: Fix for CVE-2012-4504 Date: Fri, 30 Nov 2012 05:42:11 -0000 From: yanjun.zhu X-Patchwork-Id: 39935 Message-Id: <1354254131-28004-1-git-send-email-yanjun.zhu@windriver.com> To: From: "yanjun.zhu" Reference:https://code.google.com/p/libproxy/source/detail?r=853 Stack-based buffer overflow in the url::get_pac function in url.cpp in libproxy 0.4.x before 0.4.9 allows remote servers to have an unspecified impact via a large proxy.pac file. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 [YOCTO #3487] Signed-off-by: yanjun.zhu --- .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch index 323a571..cc1d508 100644 --- a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch @@ -1,3 +1,13 @@ +Reference:https://code.google.com/p/libproxy/source/detail?r=853 + +Stack-based buffer overflow in the url::get_pac function in url.cpp +in libproxy 0.4.x before 0.4.9 allows remote servers to have an +unspecified impact via a large proxy.pac file. + +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504 + +Signed-off-by: yanjun.zhu + diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp --- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800 +++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800