Your message dated Mon, 16 Nov 2020 19:04:34 +0000
with message-id <e1kejnm-0002e5...@fasolo.debian.org>
and subject line Bug#968366: fixed in libproxy 0.4.15-15
has caused the Debian Bug report #968366,
regarding libproxy: CVE-2020-26154: buffer overflow when PAC is enabled
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
968366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libproxy
Version: 0.4.14-2
Severity: grave
Justification: user security hole
Tags: security upstream
Forwarded: https://github.com/libproxy/libproxy/pull/126
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>

Li Fei (@lifeibiren on Github) reported that if the server serving a PAC
file sends more than 102400 bytes without a Content-Length present,
libproxy can overflow its buffer by PAC_HTTP_BLOCK_SIZE (512) bytes.

This PR is said to fix it, although I have not reviewed it in detail, and
it would be better if someone who knows C++ better than me did the review:

https://github.com/libproxy/libproxy/pull/126

Thanks to Michael Catanzaro for highlighting this as likely to be a
security vulnerability during a more general conversation about libproxy.

(Please reduce severity as desired if this is successfully mitigated by
some security measure - I'm assuming stack smashing is arbitrary code
execution, but maybe it's just DoS.)

From source code inspection, versions >= 0.4.14-2 in stretch appear
to be vulnerable. 0.4.11-4 in jessie does not appear to be vulnerable,
because it assumes absence of Content-Length means a length of 0 (which
is a bug, but not a security bug). Intermediate versions between jessie
and stretch not checked.

    smcv

--- End Message ---
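
The overrun described in the report above, as a simplified model added here (it is not libproxy's code and not the upstream patch): a reader that always requests a full block can write past a 102400-byte buffer when no Content-Length bounds the body, while a reader that clamps each request to the space left cannot. `PAC_LIMIT`, `FakeSocket`, `read_unclamped` and `read_clamped` are hypothetical names, and the PAC body is constructed; only the two sizes come from the report.

```cpp
// Added illustration, not libproxy source; all names except the block size are hypothetical.
#include <algorithm>
#include <cstring>
#include <string>
#include <vector>
constexpr std::size_t PAC_HTTP_BLOCK_SIZE = 512;  // block size named in the report
constexpr std::size_t PAC_LIMIT = 102400;         // buffer size from the report (name assumed)

// Stand-in for a socket: hands out a constructed body in short reads of `seg` bytes.
struct FakeSocket {
    std::string body; std::size_t seg; std::size_t pos;
    FakeSocket(const std::string &b, std::size_t s) : body(b), seg(s), pos(0) {}
    std::size_t recv(char *dst, std::size_t want) {
        std::size_t n = std::min({want, seg, body.size() - pos});
        std::memcpy(dst, body.data() + pos, n);
        pos += n;
        return n;
    }
};

// Flawed pattern: the limit is checked, but a full block is always requested.
// Returns the high-water mark; one block of slack keeps this demo memory-safe.
std::size_t read_unclamped(FakeSocket &s) {
    std::vector<char> buf(PAC_LIMIT + PAC_HTTP_BLOCK_SIZE);
    std::size_t recvd = 0;
    while (recvd < PAC_LIMIT) {
        std::size_t n = s.recv(buf.data() + recvd, PAC_HTTP_BLOCK_SIZE);
        if (n == 0) break;
        recvd += n;
    }
    return recvd;
}

// Hardened pattern: request at most the space left, and reject a body that
// still has data once the buffer is full instead of silently truncating it.
bool read_clamped(FakeSocket &s, std::string &out) {
    std::vector<char> buf(PAC_LIMIT);
    std::size_t recvd = 0;
    while (recvd < PAC_LIMIT) {
        std::size_t want = std::min(PAC_HTTP_BLOCK_SIZE, PAC_LIMIT - recvd);
        std::size_t n = s.recv(buf.data() + recvd, want);
        if (n == 0) break;
        recvd += n;
    }
    char probe;
    if (recvd == PAC_LIMIT && s.recv(&probe, 1) != 0) return false;
    out.assign(buf.data(), recvd);
    return true;
}
```
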
--- Begin Message ---
Source: libproxy
Source-Version: 0.4.15-15
Done: Simon McVittie <s...@debian.org>

We believe that the bug you reported is fixed in the latest version of
libproxy, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 968...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Simon McVittie <s...@debian.org> (supplier of updated libproxy package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Nov 2020 16:37:55 +0000
Source: libproxy
Architecture: source
Version: 0.4.15-15
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Simon McVittie <s...@debian.org>
Closes: 959030 968363 968366 971394
Changes:
 libproxy (0.4.15-15) unstable; urgency=medium
 .
   * Team upload
 .
   [ Salvatore Bonaccorso ]
   * Add patch from upstream to fix buffer overflow when PAC is enabled
     (CVE-2020-26154) (Closes: #968366)
   * Add patch from upstream rewriting url::recvline to be nonrecursive
     (CVE-2020-25219) (Closes: #971394)
 .
   [ Simon McVittie ]
   * Add additional bug-fix patches from upstream git
     - Fix memory leaks in the WebKit backend
     - Make sure mtime is initialized in the KDE backend
     - Correctly encode/decode Python Unicode strings (Closes: #959030)
     - Cope with settings larger than will fit in a single read() in the
       GSettings (GNOME 3) backend
     - Remove crash-prone proxy factory caching (Closes: #968363)
     - Make sure new/delete and new[]/delete[] are correctly paired
     - Disable mozjs backend by default
     - Never use a system copy of libmodman, even if one exists
     - Small performance optimizations (without which later patches
       won't apply)
     - Avoid deprecated C++ dynamic exception specifications
   * d/tests/mozjs: Remove obsolete test.
     We no longer compile the backend that this is responsible for testing.
   * d/tests: Remove flaky annotations.
     With the fixes I've imported from upstream git, these should hopefully
     all be reliable.
   * d/tests: Test default python3 version and all python3 versions
     separately.
     Add a missing dependency on python3-all for the python3-all test:
     during a transition between supported Python versions, we need both
     the old and the new version installed.

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
