From 07d689aa876d3cceb2bbeaa08f6dc03f778611b7 Mon Sep 17 00:00:00 2001
From: "yanjun.zhu" <yanjun.zhu@windriver.com>
Date: Fri, 30 Nov 2012 19:08:56 +0800
Subject: libproxy: Fix for CVE-2012-4504

Reference:https://code.google.com/p/libproxy/source/detail?r=853

Stack-based buffer overflow in the url::get_pac function in url.cpp
in libproxy 0.4.x before 0.4.9 allows remote servers to have an
unspecified impact via a large proxy.pac file.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-4504

[YOCTO #3487]

(From OE-Core rev: 821401df8cd79e4878ad87f918b1ce8d0da141ec)

Signed-off-by: yanjun.zhu <yanjun.zhu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/libproxy/libproxy_0.4.7.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-support/libproxy/libproxy_0.4.7.bb')

diff --git a/meta/recipes-support/libproxy/libproxy_0.4.7.bb b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
index c6a733a1df..510c6b7c4e 100644
--- a/meta/recipes-support/libproxy/libproxy_0.4.7.bb
+++ b/meta/recipes-support/libproxy/libproxy_0.4.7.bb
@@ -13,6 +13,7 @@ PR = "r5"
 SRC_URI = "http://libproxy.googlecode.com/files/libproxy-${PV}.tar.gz \
            file://g++-namepace.patch \
            file://libproxy_fix_for_gcc4.7.patch \
+           file://libproxy-0.4.7-CVE-2012-4504.patch \
           "
 
 SRC_URI[md5sum] = "509e03a488a61cd62bfbaf3ab6a2a7a5"
-- 
cgit v1.2.3-54-g00ecf