author | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-11-28 21:52:23 +0100 |
---|---|---|
committer | Martin Weinelt <hexa@darmstadt.ccc.de> | 2020-11-28 21:52:23 +0100 |
commit | c0e0a6876f8377096223c39d035924f77c9dcff1 (patch) | |
tree | 2831e5403de8ffc961f5e94ae5837682dfc856b6 | |
parent | ebe455a410c261c033d4297954c73c3884511ea8 (diff) | |
libproxy: fix CVE-2020-25219, CVE-2020-26154
CVE-2020-25219: url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger uncontrolled recursion via a response composed of an infinite stream that lacks a newline character. This leads to stack exhaustion. CVE-2020-26154: url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. Fixes: CVE-2020-25219, CVE-2020-26154
-rw-r--r-- | pkgs/development/libraries/libproxy/default.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/pkgs/development/libraries/libproxy/default.nix b/pkgs/development/libraries/libproxy/default.nix
index 61c25e183bd..7fcc8c58c1c 100644
--- a/pkgs/development/libraries/libproxy/default.nix
+++ b/pkgs/development/libraries/libproxy/default.nix
@@ -71,6 +71,17 @@ stdenv.mkDerivation rec {
 url = "https://github.com/libproxy/libproxy/pull/95.patch";
 sha256 = "18vyr6wlis9zfwml86606jpgb9mss01l9aj31iiciml8p857aixi";
 })
+ (fetchpatch {
+ name = "CVE-2020-25219.patch";
+ url = "https://github.com/libproxy/libproxy/commit/a83dae404feac517695c23ff43ce1e116e2bfbe0.patch";
+ sha256 = "0wdh9qjq99aw0jnf2840237i3hagqzy42s09hz9chfgrw8pyr72k";
+ })
+ (fetchpatch {
+ name = "CVE-2020-26154.patch";
+ url = "https://github.com/libproxy/libproxy/commit/4411b523545b22022b4be7d0cac25aa170ae1d3e.patch";
+ sha256 = "0pdy9sw49lxpaiwq073cisk0npir5bkch70nimdmpszxwp3fv1d8";
+ })
+
 ] ++ stdenv.lib.optionals stdenv.isDarwin [
 (fetchpatch {
 url = "https://github.com/libproxy/libproxy/commit/44158f03f8522116758d335688ed840dfcb50ac8.patch";
 |
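Review bot: The two added `fetchpatch` entries have no comment saying when they can be removed, so they may linger after an upgrade or be dropped while the package is still affected. The commit message gives the affected range as libproxy through 0.4.15, so a line above the first entry such as `# CVE-2020-25219 / CVE-2020-26154 backports; drop when updating past 0.4.15 (confirm the release contains both commits)` would record that. Both URLs are pinned to full upstream commit hashes with a fixed `sha256`, so the fetched content cannot change silently. The empty added line just before `] ++ stdenv.lib.optionals stdenv.isDarwin [` looks stray and could be removed. The `patches` list itself starts and ends outside this hunk.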