mirror of https://github.com/NixOS/nixpkgs.git synced 2024-12-17 10:24:15 +00:00
nixpkgs/pkgs/development/libraries/libproxy
Martin Weinelt c0e0a6876f
libproxy: fix CVE-2020-25219, CVE-2020-26154
CVE-2020-25219:
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a
remote HTTP server to trigger uncontrolled recursion via a response
composed of an infinite stream that lacks a newline character. This
leads to stack exhaustion.

CVE-2020-26154:
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when
PAC is enabled, as demonstrated by a large PAC file that is delivered
without a Content-length header.

Fixes: CVE-2020-25219, CVE-2020-26154
2020-11-28 21:52:23 +01:00
default.nix