Bug#690376: libproxy: PAC handling insufficient content length check leading to buffer overflow
Thijs Kinkhorst
thijs at debian.org
Sat Oct 13 13:16:05 UTC 2012
Package: libproxy
Severity: serious
Tags: security fixed-upstream patch
Hi,

A buffer overflow was discovered in the PAC handling which lacks a
sufficient content length check.

The following bug report describes the issue and a proposed fix for the
0.3 branch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
This is CVE-2012-4505.

Note that a similar issue was discovered earlier in the 0.4 branch
(CVE-2012-4504) which does not affect the 0.3 branch (and thus Debian).

Can you please upload a fixed package to unstable and ensure transition to
wheezy? Are you able to provide an update for squeeze?

thanks,
Thijs