libproxy: fix CVE-2020-25219, CVE-2020-26154
CVE-2020-25219: url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-26154: url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Fixes: CVE-2020-25219, CVE-2020-26154
This commit is contained in:
parent
ebe455a410
commit
c0e0a6876f
1 changed files with 11 additions and 0 deletions
|
@ -71,6 +71,17 @@ stdenv.mkDerivation rec {
|
|||
url = "https://github.com/libproxy/libproxy/pull/95.patch";
|
||||
sha256 = "18vyr6wlis9zfwml86606jpgb9mss01l9aj31iiciml8p857aixi";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2020-25219.patch";
|
||||
url = "https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0.patch";
|
||||
sha256 = "0wdh9qjq99aw0jnf2840237i3hagqzy42s09hz9chfgrw8pyr72k";
|
||||
})
|
||||
(fetchpatch {
|
||||
name = "CVE-2020-26154.patch";
|
||||
url = "https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e.patch";
|
||||
sha256 = "0pdy9sw49lxpaiwq073cisk0npir5bkch70nimdmpszxwp3fv1d8";
|
||||
})
|
||||
|
||||
] ++ stdenv.lib.optionals stdenv.isDarwin [
|
||||
(fetchpatch {
|
||||
url = "https://github.com/libproxy/libproxy/commit/44158f03f8522116758d335688ed840dfcb50ac8.patch";
|
||||
|
|
Loading…
Reference in a new issue