Your message dated Sat, 28 Nov 2020 22:02:08 +0000
with message-id <e1kj8ic-000gwz...@fasolo.debian.org>
and subject line Bug#968366: fixed in libproxy 0.4.15-5+deb10u1
has caused the Debian Bug report #968366,
regarding libproxy: CVE-2020-26154: buffer overflow when PAC is enabled
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
968366: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968366
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: libproxy
Version: 0.4.14-2
Severity: grave
Justification: user security hole
Tags: security upstream
Forwarded: https://github.com/libproxy/libproxy/pull/126
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
Li Fei (@lifeibiren on Github) reported that if the server serving a PAC
file sends more than 102400 bytes without a Content-Length present,
libproxy can overflow its buffer by PAC_HTTP_BLOCK_SIZE (512) bytes.
This PR is said to fix it, although I have not reviewed it in detail, and
it would be better if someone who knows C++ better than me did the review:
https://github.com/libproxy/libproxy/pull/126
Thanks to Michael Catanzaro for highlighting this as likely to be a
security vulnerability during a more general conversation about libproxy.
(Please reduce severity as desired if this is successfully mitigated by
some security measure - I'm assuming stack smashing is arbitrary code
execution, but maybe it's just DoS.)
From source code inspection, versions >= 0.4.14-2 in stretch appear
to be vulnerable. 0.4.11-4 in jessie does not appear to be vulnerable,
because it assumes absence of Content-Length means a length of 0 (which
is a bug, but not a security bug). Intermediate versions between jessie
and stretch not checked.
smcv
--- End Message ---
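The report above describes a block-wise read of a body with no Content-Length overrunning a fixed buffer. The following is an added example, not libproxy's code and not the patch in the linked pull request: a C++ read loop that clamps every request to the space left and rejects bodies over the limit. The names MAX_PAC_BYTES, RecvFn, read_pac_body and make_source are assumptions made for this example; the sizes 102400 and 512 come from the report.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

// Sizes come from the report; MAX_PAC_BYTES is a name assumed for this example.
constexpr std::size_t PAC_HTTP_BLOCK_SIZE = 512;
constexpr std::size_t MAX_PAC_BYTES = 102400;

// Stand-in for recv(): writes up to len bytes to dst and returns the count,
// 0 when the peer has closed, negative on error.
using RecvFn = std::function<long(char *dst, std::size_t len)>;

// Reads a body whose length is unknown (no Content-Length) in blocks.
// Every request is clamped to the space left, so a full-block read can never
// run past the end of the buffer. Oversized or failed reads are rejected.
bool read_pac_body(const RecvFn &recv_fn, std::string &out) {
    out.clear();
    std::vector<char> buf(MAX_PAC_BYTES + 1);  // spare byte reveals an oversized body
    std::size_t received = 0;
    for (;;) {
        const std::size_t room = buf.size() - received;
        if (room == 0) return false;  // peer sent more than MAX_PAC_BYTES
        const std::size_t want = std::min(PAC_HTTP_BLOCK_SIZE, room);
        const long r = recv_fn(buf.data() + received, want);
        if (r < 0 || static_cast<std::size_t>(r) > want) return false;
        if (r == 0) break;  // end of stream
        received += static_cast<std::size_t>(r);
    }
    out.assign(buf.data(), received);
    return true;
}

// Constructed peer for the demo: streams `total` bytes of 'x', then closes.
RecvFn make_source(std::size_t total) {
    return [left = total](char *dst, std::size_t len) mutable -> long {
        const std::size_t n = std::min(len, left);
        std::fill(dst, dst + n, 'x');
        left -= n;
        return static_cast<long>(n);
    };
}

int main() {
    std::string body;
    for (std::size_t n : {std::size_t{1000}, MAX_PAC_BYTES, MAX_PAC_BYTES + 1}) {
        const bool ok = read_pac_body(make_source(n), body);
        std::printf("%zu bytes sent: %s\n", n, ok ? "accepted" : "rejected");
    }
}
```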
--- Begin Message ---
Source: libproxy
Source-Version: 0.4.15-5+deb10u1
Done: Salvatore Bonaccorso <car...@debian.org>
We believe that the bug you reported is fixed in the latest version of
libproxy, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 968...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated libproxy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Nov 2020 19:12:59 +0100
Source: libproxy
Architecture: source
Version: 0.4.15-5+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Debian GNOME Maintainers <pkg-gnome-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 968366 971394
Changes:
libproxy (0.4.15-5+deb10u1) buster-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Fix buffer overflow when PAC is enabled (CVE-2020-26154) (Closes: #968366)
* Rewrite url::recvline to be nonrecursive (CVE-2020-25219)
(Closes: #971394)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---