[OE-core] [PATCH 1/1] libproxy: Fix for CVE-2012-4504
yanjun.zhu
yanjun.zhu at windriver.com
Fri Nov 30 05:42:11 UTC 2012
From: "yanjun.zhu" <yanjun.zhu at windriver.com>
Reference:https://code.google.com/p/libproxy/source/detail?r=853
Stack-based buffer overflow in the url::get_pac function in url.cpp
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
unspecified impact via a large proxy.pac file.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
[YOCTO #3487]
Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
---
.../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
index 323a571..cc1d508 100644
--- a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
+++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
@@ -1,3 +1,13 @@
+Reference:https://code.google.com/p/libproxy/source/detail?r=853
+
+Stack-based buffer overflow in the url::get_pac function in url.cpp
+in libproxy 0.4.x before 0.4.9 allows remote servers to have an
+unspecified impact via a large proxy.pac file.
+
+http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
+
+Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
+
diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
--- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
+++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
--
1.7.11
More information about the Openembedded-core
mailing list