[SECURITY] [DLA 2372-1] libproxy security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 2372-1] libproxy security update
From: "Chris Lamb" <lamby@debian.org>
Date: Sat, 12 Sep 2020 05:42:56 -0400 (EDT)
Message-id: <[🔎] 159990373526.2227183.16661088308192749080@tinycat.chris-lamb.co.uk>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2372-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                           Chris Lamb
September 12, 2020                            https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : libproxy
Version        : 0.4.14-2+deb9u1
CVE ID         : CVE-2020-25219

It was discovered that there was a denial of service attack in
libproxy, a library to make applications HTTP proxy aware. A remote
server could cause an infinite stack recursion.

For Debian 9 "Stretch", this problem has been fixed in version
0.4.14-2+deb9u1.

We recommend that you upgrade your libproxy packages.

For the detailed security status of libproxy please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/libproxy

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAl9cl/MACgkQHpU+J9Qx
HlgjrxAAxk8OunTVKCTtCztwJKSWCSp46WGF+4fRXmKIFdjHw0/+4e6dKcaHXEbF
3OwLem9UGa4C8VnmuXb3S8ThAbZZ+ceaIYBBun8DlD7/3V23RezZeiegKr+ZhN61
6WYKRl8cGWJmGX0TVOW27tmw2Yin5n+tTQAroAVvx3HT2xy8wvzruwtJMPx01LzN
iQqaQrcnkiHOpkOcp0STPb15J2YRaDaZa6lGa214sN11lMw8HN7ARdM967qXz5x3
cAYLbOpzQm3BIBZhEGFA0407VYLduvexIVwgOBi8PeilYHuLCLfm7DKkbOtRn2Tn
sZfDg6NuAitjpy/WbnwUUmBn3+blCtTOacJMq9PFjr+2E0QCAHZxqrzD2KUV02x/
tF46GlFiBVi3XsDyWADBpU9IWy/EY0uHjfC840fA5F7c4zsd9pUXy5na7kVdIFFH
pb7itoMKhIRRXYeyEsTBa2RPX3pbSx/s3nM/usd2DpyZG71SYy1anBwwrhgt3+JH
psnzEmvm0YgGQ8Fd0C0PZI1sbbfuDVUpO3vSoqQK/yXITPuTgSYgEw7ittFgNFr1
Xn9rJtaejY/biO6o138ZrgWUg4enbuvolbOGSoXxEiA7dVsJKN+ZoF7QXovEdQoH
mTPDaNkY4KRvtJE8K/fLleUu02SLclymAdssYxfpxVSrmxbYY8U=
=+5f8
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 2371-1] wordpress security update
Next by Date: [SECURITY] [DLA 2373-1] qemu security update
Previous by thread: [SECURITY] [DLA 2371-1] wordpress security update
Next by thread: [SECURITY] [DLA 2373-1] qemu security update
Index(es):
- Date
- Thread