Source: pacparser
Version: 1.3.6-1.1
Severity: important
Tags: security upstream
Forwarded: https://github.com/manugarg/pacparser/issues/99
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for pacparser.

CVE-2019-25078[0]:
| A vulnerability classified as problematic was found in pacparser up to
| 1.3.x. Affected by this vulnerability is the function
| pacparser_find_proxy of the file src/pacparser.c. The manipulation of
| the argument url leads to buffer overflow. Attacking locally is a
| requirement. Upgrading to version 1.4.0 is able to address this issue.
| The name of the patch is 853e8f45607cb07b877ffd270c63dbcdd5201ad9. It
| is recommended to upgrade the affected component. The associated
| identifier of this vulnerability is VDB-215443.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-25078
    https://www.cve.org/CVERecord?id=CVE-2019-25078
[1] https://github.com/manugarg/pacparser/issues/99
[2] https://github.com/manugarg/pacparser/commit/853e8f45607cb07b877ffd270c63dbcdd5201ad9

Regards,
Salvatore