Ack: [Precise][P/lts-backport-quantal][P/lts-backport-raring][CVE-2014-4608][PATCH 0/3] lzo: properly check for overruns
Brad Figg
brad.figg at canonical.com
Fri Jun 27 16:49:21 UTC 2014
On 06/27/2014 09:39 AM, Luis Henriques wrote:
> WARNING:
> The buglink is missing in these patches! Whoever is applying
> the patches, please wait for the buglink to be provided!
>
> Following this email I'm sending 3 patches that include the Precise,
> lts-backport-quantal and lts-backport-raring fix for this CVE. I've
> used the same approach used by GregKH for the 3.4 stable kernel
> backport, i.e., picked the following 3 commits:
>
> b6bec26cea94 "lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c"
> 8b975bd3f908 "lib/lzo: Update LZO compression to current upstream version"
> 206a81c18401 "lzo: properly check for overruns"
>
> These are all clean cherry-picks for these 3 kernels.
>
> Greg Kroah-Hartman (1):
>   lzo: properly check for overruns
>
> Markus F.X.J. Oberhumer (2):
>   lib/lzo: Rename lzo1x_decompress.c to lzo1x_decompress_safe.c
>   lib/lzo: Update LZO compression to current upstream version
>
>  include/linux/lzo.h             |  15 +-
>  lib/decompress_unlzo.c          |   2 +-
>  lib/lzo/Makefile                |   2 +-
>  lib/lzo/lzo1x_compress.c        | 335 +++++++++++++++++++++++-----------------
>  lib/lzo/lzo1x_decompress.c      | 255 ------------------------------
>  lib/lzo/lzo1x_decompress_safe.c | 257 ++++++++++++++++++++++++++++++
>  lib/lzo/lzodefs.h               |  38 +++--
>  7 files changed, 488 insertions(+), 416 deletions(-)
>  delete mode 100644 lib/lzo/lzo1x_decompress.c
>  create mode 100644 lib/lzo/lzo1x_decompress_safe.c
>
--
Brad Figg brad.figg at canonical.com http://www.canonical.com