Control: tags 1123676 + patch
Control: tags 1123676 + pending

Dear maintainer,

I've prepared an NMU for proxychains-ng (versioned as 4.17-3.1) and uploaded it to DELAYED/1. Please feel free to tell me if I should cancel it.

cu
Adrian

diffstat for proxychains-ng-4.17 proxychains-ng-4.17 changelog | 8 ++ patches/0001-fix-potential-buffer-overflow-in-config-file-parsing.patch | 29 ++++++++++ patches/series | 1 3 files changed, 38 insertions(+) diff -Nru proxychains-ng-4.17/debian/changelog proxychains-ng-4.17/debian/changelog --- proxychains-ng-4.17/debian/changelog 2025-01-20 15:50:44.000000000 +0200 +++ proxychains-ng-4.17/debian/changelog 2026-05-07 23:58:04.000000000 +0300 @@ -1,3 +1,11 @@ +proxychains-ng (4.17-3.1) unstable; urgency=medium + + * Non-maintainer upload. + * CVE-2025-34451: buffer overflow in config file parsing + (Closes: #1123676) + + -- Adrian Bunk <[email protected]> Thu, 07 May 2026 23:58:04 +0300 + proxychains-ng (4.17-3) unstable; urgency=medium * New maintainer.(Closes: #1093571) diff -Nru proxychains-ng-4.17/debian/patches/0001-fix-potential-buffer-overflow-in-config-file-parsing.patch proxychains-ng-4.17/debian/patches/0001-fix-potential-buffer-overflow-in-config-file-parsing.patch --- proxychains-ng-4.17/debian/patches/0001-fix-potential-buffer-overflow-in-config-file-parsing.patch 1970-01-01 02:00:00.000000000 +0200 +++ proxychains-ng-4.17/debian/patches/0001-fix-potential-buffer-overflow-in-config-file-parsing.patch 2026-05-07 23:57:22.000000000 +0300 
@@ -0,0 +1,29 @@ +From 805feeecc580e1612360f3d5aa23d80f95d3551a Mon Sep 17 00:00:00 2001 +From: rofl0r <[email protected]> +Date: Sat, 18 Oct 2025 12:13:11 +0000 +Subject: fix potential buffer overflow in config file parsing + +could be triggered by using username or password exceeding 255 +bytes for http type proxies. + +closes #606 +--- + src/libproxychains.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/libproxychains.c b/src/libproxychains.c +index 84a8f00..1920b4e 100644 +--- a/src/libproxychains.c ++++ b/src/libproxychains.c +@@ -241,7 +241,7 @@ static int proxy_from_string(const char *proxystring, + ul = p-u; + p++; + pl = at-p; +- if(proxytype == RS_PT_SOCKS5 && (ul > 255 || pl > 255)) ++ if(ul > 255 || pl > 255) + return 0; + memcpy(user_buf, u, ul); + user_buf[ul]=0; +-- +2.47.3 + diff -Nru proxychains-ng-4.17/debian/patches/series proxychains-ng-4.17/debian/patches/series --- proxychains-ng-4.17/debian/patches/series 2025-01-20 15:50:07.000000000 +0200 +++ proxychains-ng-4.17/debian/patches/series 2026-05-07 23:57:42.000000000 +0300 @@ -1,2 +1,3 @@ 0001-Use-proper-library-version-for-libproxychains.patch 0002-Install-conffile-as-proxychains4.conf.patch +0001-fix-potential-buffer-overflow-in-config-file-parsing.patch
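Review bot: In the `proxy_from_string` hunk of src/libproxychains.c, the bound `ul > 255 || pl > 255` is a bare constant, and the declarations of `user_buf` and the password buffer lie outside the visible context, so nothing in the hunk ties the check to the buffer sizes. Consider writing the limit in terms of the buffers, for example `ul >= sizeof user_buf` with the matching test for the password buffer, so that `memcpy(user_buf, u, ul)` and the terminator write `user_buf[ul]=0` stay guarded if a buffer is ever resized. The `return 0` path also gives no indication that credential length was the reason for rejecting the line. Unless the caller already reports it, a diagnostic here would help users whose http proxy entries stop parsing after this update.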
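Review bot: In the debian/patches/series hunk, the new entry `0001-fix-potential-buffer-overflow-in-config-file-parsing.patch` is appended after `0002-Install-conffile-as-proxychains4.conf.patch` and reuses the `0001-` prefix already carried by `0001-Use-proper-library-version-for-libproxychains.patch`. Patches apply in series order, so this works as written, but renaming the file to a `0003-` prefix would keep the numbering consistent with the apply order and avoid two `0001-` files in debian/patches. The embedded patch header records the upstream commit and "closes #606"; adding a reference to Debian bug #1123676 there would make the patch traceable without consulting the changelog.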

