Debian Bug report logs - #690376
libproxy: PAC handling insufficient content length check leading to buffer overflow

version graph

Package: libproxy; Maintainer for libproxy is Emilio Pozuelo Monfort <pochu@debian.org>;

Reported by: "Thijs Kinkhorst" <thijs@debian.org>

Date: Sat, 13 Oct 2012 13:21:02 UTC

Severity: serious

Tags: fixed-upstream, patch, security

Fixed in version libproxy/0.3.1-5.1

Done: Michael Gilbert <mgilbert@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Emilio Pozuelo Monfort <pochu@debian.org>:
Bug#690376; Package libproxy. (Sat, 13 Oct 2012 13:21:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Thijs Kinkhorst" <thijs@debian.org>:
New Bug report received and forwarded. Copy sent to Emilio Pozuelo Monfort <pochu@debian.org>. (Sat, 13 Oct 2012 13:21:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: "Thijs Kinkhorst" <thijs@debian.org>
To: submit@bugs.debian.org
Subject: libproxy: PAC handling insufficient content length check leading to buffer overflow
Date: Sat, 13 Oct 2012 15:16:05 +0200
Package: libproxy
Severity: serious
Tags: security fixed-upstream patch

Hi,

A buffer overflow was discovered in the PAC handling which lacks  a
sufficient content length check.

The following bug report describes the issue and a proposed fix for the
0.3 branch: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-4505
This is CVE-2012-4505.

Note that a similar issue was discovered earlier in the 0.4 branch
(CVE-2012-4504) which does not affect the 0.3 branch (and thus Debian).

Can you please upload a fixed package to unstable and ensure transition to
wheezy? Are you able to provide an update for squeeze?


thanks,
Thijs



Information forwarded to debian-bugs-dist@lists.debian.org, Emilio Pozuelo Monfort <pochu@debian.org>:
Bug#690376; Package libproxy. (Sat, 27 Oct 2012 09:09:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Emilio Pozuelo Monfort <pochu@debian.org>. (Sat, 27 Oct 2012 09:09:02 GMT) Full text and rfc822 format available.

Message #10 received at 690376@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 690376@bugs.debian.org
Subject: re: cve-2012-4505
Date: Sat, 27 Oct 2012 05:05:42 -0400
[Message part 1 (text/plain, inline)]
control: tag -1 patch

Hi, I've uploaded an nmu fixing this issue.  Please see attached patch.

Best wishes,
Mike
[libproxy.patch (application/octet-stream, attachment)]

Reply sent to Michael Gilbert <mgilbert@debian.org>:
You have taken responsibility. (Sat, 27 Oct 2012 09:18:13 GMT) Full text and rfc822 format available.

Notification sent to "Thijs Kinkhorst" <thijs@debian.org>:
Bug acknowledged by developer. (Sat, 27 Oct 2012 09:18:13 GMT) Full text and rfc822 format available.

Message #15 received at 690376-close@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: 690376-close@bugs.debian.org
Subject: Bug#690376: fixed in libproxy 0.3.1-5.1
Date: Sat, 27 Oct 2012 09:17:42 +0000
Source: libproxy
Source-Version: 0.3.1-5.1

We believe that the bug you reported is fixed in the latest version of
libproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 690376@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <mgilbert@debian.org> (supplier of updated libproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 27 Oct 2012 04:44:22 -0400
Source: libproxy
Binary: libproxy0 libproxy-dev libproxy-tools python-libproxy
Architecture: source all amd64
Version: 0.3.1-5.1
Distribution: unstable
Urgency: high
Maintainer: Emilio Pozuelo Monfort <pochu@debian.org>
Changed-By: Michael Gilbert <mgilbert@debian.org>
Description: 
 libproxy-dev - automatic proxy configuration management library (devel)
 libproxy-tools - automatic proxy configuration management library (tools)
 libproxy0  - automatic proxy configuration management library (shared)
 python-libproxy - automatic proxy configuration management library (python)
Closes: 690376
Changes: 
 libproxy (0.3.1-5.1) unstable; urgency=high
 .
   * Non-maintainer upload.
   * Fix cve-2012-4505: buffer overflow in lib/pac.c (closes: #690376).
Checksums-Sha1: 
 89c6ff094de0780fa5f0d796a36a127b604988df 3106 libproxy_0.3.1-5.1.dsc
 4c198dba56a23cc02eb15c763d75316eddedd20c 6899 libproxy_0.3.1-5.1.debian.tar.gz
 1e8e8b14b6ee446c178c85cfafa0cff935ebefa2 10300 python-libproxy_0.3.1-5.1_all.deb
 4670128133fd2ad1fc08f27b6ab3fe69b1399691 37006 libproxy0_0.3.1-5.1_amd64.deb
 af68b90c5932963f21fc9d604dbb28240d1537fb 9990 libproxy-dev_0.3.1-5.1_amd64.deb
 9bf1d519fc74c472a07ff38b7bfa4ed07323e55b 11158 libproxy-tools_0.3.1-5.1_amd64.deb
Checksums-Sha256: 
 30243da4400e7cc1247038a27153b5e705799db8476f15cb30323fb74fe63668 3106 libproxy_0.3.1-5.1.dsc
 c33d18837a560f952f95a0254180b197a899f1ac38f2529505c1a363fd414b02 6899 libproxy_0.3.1-5.1.debian.tar.gz
 cbd4305e7c46165a2165a7d0c8547f690d6e90028279fb9c61e67f4b39d8e3f3 10300 python-libproxy_0.3.1-5.1_all.deb
 b144c23417bafbae2174ce39dc301e3fb6bd926dfe364a0fa9ce67528fb1ccc4 37006 libproxy0_0.3.1-5.1_amd64.deb
 6baa844d618f79fbab03e9d20f2a93b3a46b7153f45625f05d88c201a737f957 9990 libproxy-dev_0.3.1-5.1_amd64.deb
 944ca61bf47d23573cc19c3e8a5faa27321e144028877b2303759c45458d575b 11158 libproxy-tools_0.3.1-5.1_amd64.deb
Files: 
 838d487c81d4cc90005707e62eb00235 3106 libs optional libproxy_0.3.1-5.1.dsc
 a44520d9bcf3b07934277120643ac409 6899 libs optional libproxy_0.3.1-5.1.debian.tar.gz
 1ad488d80aa80a437b024a7b791146c4 10300 python optional python-libproxy_0.3.1-5.1_all.deb
 d43e68c54d4da50cbcda65f8ae7cbd1f 37006 libs optional libproxy0_0.3.1-5.1_amd64.deb
 97910cba06e775a307a9fc1fac38dc24 9990 libdevel optional libproxy-dev_0.3.1-5.1_amd64.deb
 5d002fdde2f38ba4c10eb1476f7e76c2 11158 utils optional libproxy-tools_0.3.1-5.1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQQcBAEBCAAGBQJQi6FbAAoJELjWss0C1vRz8k0f/1ikV4Q3BF1lG88HjNtRbrkb
/35SW7a/+31BONRuUYqPRRzZ0gS1R9xDpSd0UCWqf6QW7+05fLfzQaS870pNtlk6
vszskwXfPrjluDIwUxc/sMAiZqZWtgc75kBihgmssWi0SLu+fcyFQTyW9mZebUJD
E/bnstah5nbg6dFxzRcY5f6XPk+SZ15iPoGucB2MQDY1HfolLFy/JY74Xz3QD7Wh
+gDfl3dM/S6fXcOjxvk3lujwSOI1/7LCaC4CQeOdymdKHxBGXvZbBv5zywHaExfd
X2T9iFC7npG90gB2zDm5KQkdccYJ2kXqBvi8W+YJqvubqvR2s5vZFGmN6uhNLDu6
Y72dkURFUEZMgAmD640gtkh4cnKBxrOxgWhK0sa0Gdz2ZmzNHq+wI2LB5BJsnbko
nAokSY7VRWLIPdS1CyvOkflivLxSytcBa+bFCFikfROOoKJgP52oNx5W2jQMH3Pb
c29WBCSqfnumzfKesnwHWnrCEVwIb81Ik1o3YCVEKBZ0Tsv0obzGeIY3d6TYF48n
N863cwY8JHQMQXwA5Gph5ZzTep8E8mFKAbaM5gHMcyEWF0UBMllDTTwkrxMwyGcN
K9LBsEsEUkgVL1N5smGGLXYaQwHew2+9XQByT3WXho9curcJy6QH6rLZ5YIYEnjb
xjfiyXecte6wGyceOi1+x7OrOQCWxfO1SZFD2yVj1Cj3tvaZrHBXdO1TQoUvIX5i
JKT22vRPcQwnBlhMmg9JgFhBeB5Jx5nwMVBdaK3siQmt6Gz7yl81mEivOMCqT4f0
GAZ1O/ZyzWT9WCAO4olKk0DnsRBlqrbGgVSE/29ky+scnfb2wVzT4H0kkkk3jLIY
v6GAovKNn1gvLeRuSPak6LMHqzgC1Jm00vnB5yIC5MV2U2GL9Tr1ZJ2071a8QLIv
hBDT4Z8zG0eOTiUsIAjN/1/A1Ktz2qskqRg8eHQEmFnKYgbjPdqW9eMsHJSlxGGQ
4+36N1avYI93isNj8W9RHP5fMNGqNsmc3Qr0C34hNlwfM9a7eB3ESq+vMFd/cU2x
AaRRpFOHD0kUdkKQ8Rikb7AchHukxtzqP5mgWh1MyPQfI+w9Jv5pvC+xDEvQGhwP
fLgU9cgpgJqxm91IGC0d/d5hua6Gx44CHeQFbnyxvBf4RvNtwggZD9O3KypyzQuY
bDZ++FXGLKd3/jy4P65z8L/lWKS0mNlVk0m6lO5fRehgJBACNDQSe/1Y0pN47NN9
bcecyyQa+5yBRtJw+qX3QvrWegwRf83MpgbTDEbjyGidXjMEDAhmtfk8pTlPvacG
GmAGG5+614gGkPmOo5t0GnvP8Gm3jxwCvVFLCX6GRtACG9YDqKnhJjCQCCaaRrk=
=FbIE
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 16 Mar 2013 07:29:03 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:43:39 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.