oss-sec mailing list archives
Re: libproxy PAC downloading buffer overflows
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 12 Oct 2012 08:16:58 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 10/12/2012 08:02 AM, Matthias Weckbecker wrote:
On Friday 12 October 2012 15:46:47 Kurt Seifried wrote:On 10/12/2012 02:43 AM, Tomas Hoger wrote:Hi! libproxy 0.4.9 fixes a buffer overflow reported by Tomas Mraz: http://code.google.com/p/libproxy/source/detail?r=853 https://groups.google.com/forum/?fromgroups=#!topic/libproxy/VxZ8No7mT0E
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4504
Upstream announcement also mentions another issue - CVE-2012-4505. It is related, but different problem that was found in pre-0.4 versions while investigating if they were affected by CVE-2012-4504. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505Please use CVE-2012-4521 for this issue.Wasn't this rather a CVE notification than a CVE request? At least it looked like this to me. The announcement mentions two CVE. Matthias
Please REJECT CVE-2012-4521, sorry I literally just woke up and can't read so good it seems. Mea culpa. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iQIcBAEBAgAGBQJQeCZaAAoJEBYNRVNeJnmTw/4QALxRjQNmDcaTVp3F1J+dESnU JZLy2QX22cfgXIj6SW4bZI8CMSCfUHfiYsPcOMTnSNsKpCZIb/HonhIfqyuRQilU ZLuPiA9DsUqlgD7MXCsQIXbSia3oNusWgh7Me5ntaA601mWFZFS9E3HWM4UY1m7W iq7LuF2Q+9ZKvgw9kETIYAUnjo78ZtqYImBaE1ZAS2+vxTuIg30hbt3eMBksgsW8 LPYgA6REetSkyi6kxoV02avhcASBh20mIvrABH0KWqXr6+Ivw4BxUddbXbnwTYJP eZvei439bypDnU6t+a+Jqd2MFIWNifSyqsGu3gkgX2P72xDGMBhUVdX/bNu3ditI SBo3DfH+vueE4wclQhlRyu6apBna4kPXnJM2wtiK1k+ND7HNUT/H5z8isLA0m4NH Ci5jpHtq8OQTFxlpwjmHfhWERsRhWI/JDfkKWu/ovR836hNolBCU8/2UihV4MQKO Uivf3/JbkkIB1BM55Yv5uUVEIVjxT6mzEFWjUbP0PLrQlKa6SFAXRRtYTHk/hnCt h1qInmrzrovwZiansGs9Sm4X6gW2N+0hiAsMJUb6PuTRlqGqKfwmc0HexxbCpOw1 yQ/k9Z/PBHMVhiVlro7sFdHUqeak60cIDRXJzamOG96HlQC0W3TJ8QXJQgFdySBL uZ26meQPR3om/cvPe1m8 =GvzZ -----END PGP SIGNATURE-----
Current thread:
- libproxy PAC downloading buffer overflows Tomas Hoger (Oct 12)
- Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
- Re: libproxy PAC downloading buffer overflows Matthias Weckbecker (Oct 12)
- Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)
- Re: libproxy PAC downloading buffer overflows Matthias Weckbecker (Oct 12)
- Re: libproxy PAC downloading buffer overflows Tomas Hoger (Oct 16)
- Re: libproxy PAC downloading buffer overflows Kurt Seifried (Oct 12)