oss-sec mailing list archives
Re: libproxy PAC downloading buffer overflows
From: Tomas Hoger <thoger () redhat com>
Date: Tue, 16 Oct 2012 15:49:15 +0200

On Fri, 12 Oct 2012 10:43:06 +0200 Tomas Hoger wrote:

> libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
>
> http://code.google.com/p/libproxy/source/detail?r=853
> https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504

Anyone updating a 0.4.x version to a fixed upstream version should consider picking 0.4.10, which fixes an infinite loop in the PAC downloading code (incorrectly fixed in 0.4.9, reportedly also breaking chunked encoding downloads).

--
Tomas Hoger / Red Hat Security Response Team