-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2450-1 debian-...@lists.debian.org https://www.debian.org/lts/security/ Emilio Pozuelo Monfort November 13, 2020 https://wiki.debian.org/LTS - -------------------------------------------------------------------------
Package : libproxy Version : 0.4.14-2+deb9u2 CVE ID : CVE-2020-26154 Debian Bug : 968366 Li Fei found that libproxy, a library for automatic proxy configuration management, was vulnerable to a buffer overflow vulnerability when receiving a large PAC file from a server without a Content-Length header in the response. For Debian 9 stretch, this problem has been fixed in version 0.4.14-2+deb9u2. We recommend that you upgrade your libproxy packages. For the detailed security status of libproxy please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libproxy Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl+uZ7AACgkQnUbEiOQ2 gwL3wQ//WJYXoI8N0ZqKP1zq6Yb5oso4kCz1h1SbZZVmrXdJ627qsxdBU0Lgmn6Y yjaQ+gwSUiCGn/N+m2VDTCrqQrcs4dBfF/nn8lxZdOAXMTIA70Y2IknTrdn7jvT+ /WDcAJyB0Y6aROHlSka/m02G2cQWb3TOGryZPmtA9SzW/MlZ0E1yXRzx1dPvpF+R 6KQC0lZAU66Rx5dYG1sioqMWhVTXVKVHsC4cB7EZU3ljmbGaSDyz4bvL+1uQwsJS dW5OweX3ucX4/C9e93P57vkw1kj37i4SaLJMQff/J5w/6YdI1Qfh5d07P7J/zxeh kD+Q5GPmvm5r7tBfQmdSFoVAZrKH5nOfjlGNQQYa3Da/jQBmQwGDu6dInWZ3YqgL 7TMPHnH7GMPI5XWb0ZXJFpo6xThzJC+9iVsT9fOKPfcVwDW9i54N6r077Z0yp1m2 sIy6UWT2RGk4VQeToMoQyj3zk8VwKIj9/6RJUHWeMsOCxuh1GmYYnoE7IL2JMwWY LGVkeRdb4po10fO0Qu8crZz8MEpQjaVtpvs9u6uPSwTL/7GQUlf3FvsnuWB6D770 4k98ipb64+uasxvv263flIdC5MgQagbarJ3+cFoxAE0T49KJSjNDs37pTTaawEog qlMJCXBKi/SPzc9PhJUTTHgvaC/qCnobG6TXjKJQYvPJB8iaKYU= =Cz0I -----END PGP SIGNATURE-----