nixpkgs/pkgs/development/libraries/libproxy
Martin Weinelt c0e0a6876f
libproxy: fix CVE-2020-25219, CVE-2020-26154

CVE-2020-25219:
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a
remote HTTP server to trigger uncontrolled recursion via a response
composed of an infinite stream that lacks a newline character. This
leads to stack exhaustion.

CVE-2020-26154:
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when
PAC is enabled, as demonstrated by a large PAC file that is delivered
without a Content-length header.

Fixes: CVE-2020-25219, CVE-2020-26154
2020-11-28 21:52:23 +01:00
default.nix