[Precise][CVE-2014-4608][PATCH 0/2] lzo: check for length overrun in variable length encoding.
Luis Henriques
luis.henriques at canonical.com
Mon Oct 20 16:13:08 UTC 2014
The fix for this CVE has been reverted upstream and a new fix is
available in 3.18-rc1. Following this email, I am sending the revert
and the new fix for Precise.
Willy Tarreau (2):
Revert "lzo: properly check for overruns"
lzo: check for length overrun in variable length encoding.
lib/lzo/lzo1x_decompress_safe.c | 103 ++++++++++++++++++++++------------------
1 file changed, 57 insertions(+), 46 deletions(-)
--
2.1.0
More information about the kernel-team
mailing list