[oe] [PATCH] libproxy: Fix for CVE-2012-4504
yzhu1
Yanjun.Zhu at windriver.com
Wed Nov 28 09:58:39 UTC 2012
On 11/28/2012 05:44 PM, Paul Eggleton wrote:
> Hi there,
>
> On Wednesday 28 November 2012 10:42:58 yanjun.zhu wrote:
>> From: "yanjun.zhu" <yanjun.zhu at windriver.com>
>>
>> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>>
>> Stack-based buffer overflow in the url::get_pac function in url.cpp
>> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
>> unspecified impact via a large proxy.pac file.
>>
>> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>>
>> Signed-off-by: yanjun.zhu <yanjun.zhu at windriver.com>
>> ---
>> recipes-support/libproxy/libproxy_0.4.7.bbappend | 5 +++++
>> .../libproxy/patches/libproxy-0.4.7-CVE-2012-4504.patch | 15
> Thanks for submitting this, but this is not the correct mailing list for
> patches against OE-Core. Could you please apply this patch to OE-Core master
> and then re-send the result to openembedded-core at lists.openembedded.org?
OK.
Thanks a lot.
Zhu Yanjun
> Thanks,
> Paul
>
More information about the Openembedded-devel
mailing list