[oe] [PATCH] libproxy: Fix for CVE-2012-4504
Paul Eggleton
paul.eggleton at linux.intel.com
Wed Nov 28 09:44:57 UTC 2012
Hi there,
On Wednesday 28 November 2012 10:42:58 yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu at windriver.com>
>
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>
> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
> ---
> recipes-support/libproxy/libproxy_0.4.7.bbappend | 5 +++++
> .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch | 15
Thanks for submitting this, but this is not the correct mailing list for
patches against OE-Core. Could you please apply this patch to OE-Core master
and then re-send the result to openembedded-core at lists.openembedded.org?
Thanks,
Paul
--
Paul Eggleton
Intel Open Source Technology Centre
More information about the Openembedded-devel
mailing list