From: yzhu1 <Yanjun.Zhu@windriver.com>
To: "yanjun.zhu" <yanjun.zhu@windriver.com>
Cc: openembedded-core@lists.openembedded.org
Subject: Re: [PATCH 1/1] libproxy: Fix for CVE-2012-4504
Date: Fri, 30 Nov 2012 13:44:55 +0800 [thread overview]
Message-ID: <50B847D7.6080004@windriver.com> (raw)
In-Reply-To: <1354254131-28004-1-git-send-email-yanjun.zhu@windriver.com>
Sorry. Please ignore this mail.
Thanks a lot.
Zhu Yanjun
On 11/30/2012 01:42 PM, yanjun.zhu wrote:
> From: "yanjun.zhu" <yanjun.zhu@windriver.com>
>
> Reference:https://code.google.com/p/libproxy/source/detail?r=853
>
> Stack-based buffer overflow in the url::get_pac function in url.cpp
> in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> unspecified impact via a large proxy.pac file.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
>
> [YOCTO #3487]
> Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> ---
> .../libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch | 10 ++++++++++
> 1 file changed, 10 insertions(+)
>
> diff --git a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> index 323a571..cc1d508 100644
> --- a/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> +++ b/meta/recipes-support/libproxy/libproxy/libproxy-0.4.7-CVE-2012-4504.patch
> @@ -1,3 +1,13 @@
> +Reference:https://code.google.com/p/libproxy/source/detail?r=853
> +
> +Stack-based buffer overflow in the url::get_pac function in url.cpp
> +in libproxy 0.4.x before 0.4.9 allows remote servers to have an
> +unspecified impact via a large proxy.pac file.
> +
> +http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504
> +
> +Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
> +
> diff -urpN a/libproxy/url.cpp b/libproxy/url.cpp
> --- a/libproxy/url.cpp 2012-11-26 10:08:47.000000000 +0800
> +++ b/libproxy/url.cpp 2012-11-26 10:05:54.000000000 +0800
next prev parent reply other threads:[~2012-11-30 5:59 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <3487>
2012-11-28 10:13 ` [oe][PATCH] libproxy: Fix for CVE-2012-4504 yanjun.zhu
2012-11-29 17:45 ` Saul Wold
2012-11-30 5:42 ` [PATCH 1/1] " yanjun.zhu
2012-11-30 5:44 ` yzhu1 [this message]
2012-11-30 6:04 ` yanjun.zhu
2012-11-30 11:08 ` yanjun.zhu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=50B847D7.6080004@windriver.com \
--to=yanjun.zhu@windriver.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox