oss-sec mailing list archives

Re: libproxy PAC downloading buffer overflows


From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 12 Oct 2012 07:46:47 -0600

On 10/12/2012 02:43 AM, Tomas Hoger wrote:
> Hi!
>
> libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz:
>
> http://code.google.com/p/libproxy/source/detail?r=853
> https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
>
> The upstream announcement also mentions another issue - CVE-2012-4505.
> It is a related but different problem that was found in pre-0.4
> versions while investigating if they were affected by
> CVE-2012-4504.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505


Please use CVE-2012-4521 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


