Bug#968366: libproxy#126: buffer overflow when PAC is enabled

Salvatore Bonaccorso carnil at debian.org
Sat Nov 14 16:21:37 GMT 2020


Control: tags -1 + fixed-upstream

Hi,

On Thu, Aug 13, 2020 at 04:36:59PM +0100, Simon McVittie wrote:
> Source: libproxy
> Version: 0.4.14-2
> Severity: grave
> Justification: user security hole
> Tags: security upstream
> Forwarded: https://github.com/libproxy/libproxy/pull/126
> X-Debbugs-Cc: Debian Security Team <team at security.debian.org>
> 
> Li Fei (@lifeibiren on Github) reported that if the server serving a PAC
> file sends more than 102400 bytes without a Content-Length present,
> libproxy can overflow its buffer by PAC_HTTP_BLOCK_SIZE (512) bytes.
> 
> This PR is said to fix it, although I have not reviewed it in detail, and
> it would be better if someone who knows C++ better than me did the review:
> 
> https://github.com/libproxy/libproxy/pull/126

FWIW, the fix has been merged upstream.

Regards,
Salvatore
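
The bug class in the quoted report (a body of unknown length read in 512-byte blocks into a buffer capped at 102400 bytes), shown as an added example; it is not libproxy's code and not the upstream fix. `kPacMaxSize`, `FakeServer`, `PacResult` and `read_pac_body` are names invented for this sketch, and the server is simulated in memory.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>
#include <vector>

// Figures from the report; kPacMaxSize is a name chosen for this example.
constexpr std::size_t kPacMaxSize = 102400;
constexpr std::size_t PAC_HTTP_BLOCK_SIZE = 512;

// Constructed stand-in for a socket: sends `remaining` bytes with no
// Content-Length, then closes. recv() returns 0 at end of stream.
struct FakeServer {
    std::size_t remaining;
    std::size_t recv(char *dst, std::size_t len) {
        std::size_t n = std::min(len, remaining);
        std::memset(dst, 'x', n);
        remaining -= n;
        return n;
    }
};

enum class PacResult { Ok, TooLarge };

// Reads a body of unknown length into a fixed-size buffer. Each recv() is
// asked for at most the space left, so no write can land past the end.
PacResult read_pac_body(FakeServer &srv, std::vector<char> &buf, std::size_t &used) {
    buf.assign(kPacMaxSize, 0);
    used = 0;
    for (;;) {
        std::size_t room = buf.size() - used;
        if (room == 0) {  // full: one-byte probe separates "at limit" from "over"
            char probe;
            return srv.recv(&probe, 1) == 0 ? PacResult::Ok : PacResult::TooLarge;
        }
        std::size_t got = srv.recv(buf.data() + used, std::min(PAC_HTTP_BLOCK_SIZE, room));
        if (got == 0) return PacResult::Ok;  // peer closed: body complete
        used += got;
    }
}

int main() {
    FakeServer srv{kPacMaxSize + PAC_HTTP_BLOCK_SIZE};  // one block over the limit
    std::vector<char> buf;
    std::size_t used = 0;
    return read_pac_body(srv, buf, used) == PacResult::TooLarge ? 0 : 1;
}
```

A loop that instead always requests a full block and checks the total only after the write can store up to one block past the end of the buffer, which matches the 512-byte overrun described in the report.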


