Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
base: f0323b5bc14e
Choose a base ref
...
head repository: NixOS/nixpkgs
compare: 76587f2c1a32
Choose a head ref
  • 2 commits
  • 1 file changed
  • 2 contributors

Commits on Nov 28, 2020

  1. libproxy: fix CVE-2020-25219, CVE-2020-26154 

    CVE-2020-25219:
url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a
remote HTTP server to trigger uncontrolled recursion via a response
composed of an infinite stream that lacks a newline character. This
leads to stack exhaustion.

CVE-2020-26154:
url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when
PAC is enabled, as demonstrated by a large PAC file that is delivered
without a Content-length header.

Fixes: CVE-2020-25219, CVE-2020-26154
    @mweinelt
    mweinelt committed Nov 28, 2020
    Copy the full SHA
    c0e0a68 View commit details
    Browse the repository at this point in the history

Commits on Nov 30, 2020

  1. Merge pull request #105287 from mweinelt/libproxy 

    libproxy: fix CVE-2020-25219, CVE-2020-26154
    @andir
    andir committed Nov 30, 2020
    Copy the full SHA
    76587f2 View commit details
    Browse the repository at this point in the history