[Bug 1393264] [NEW] Sync lzo2 2.08-1 (main) from Debian unstable (main)

Launchpad Bug Tracker 1393264 at bugs.launchpad.net
Sun Nov 16 22:57:35 UTC 2014


You have been subscribed to a public bug by Artur Rona (ari-tczew):

Please sync lzo2 2.08-1 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: denial of service or possible code execution via
    integer overflow
    - debian/patches/CVE-2014-4607.patch: check for overflow in
      minilzo/minilzo.c, src/lzo1_d.ch, src/lzo1b_d.ch, src/lzo1f_d.ch,
      src/lzo1x_d.ch, src/lzo2a_d.ch.
    - CVE-2014-4607
  * SECURITY UPDATE: denial of service or possible code execution via
    integer overflow
    - debian/patches/CVE-2014-4607.patch: check for overflow in
      minilzo/minilzo.c, src/lzo1_d.ch, src/lzo1b_d.ch, src/lzo1f_d.ch,
      src/lzo1x_d.ch, src/lzo2a_d.ch.
    - CVE-2014-4607
  * Build using dh-autoreconf.
  * Build using dh-autoreconf.

Debian supports autotools instead autoreconf.

Changelog entries since current vivid version 2.06-1.2ubuntu2:

lzo2 (2.08-1) unstable; urgency=low

  * New upstream release (closes: #752861) (CVE-2014-4607)
  * Update standards version
  * Add autotools-dev to build dependencies (closes: #750622)

 -- Peter Eisentraut <petere at debian.org>  Mon, 14 Jul 2014 21:03:12
-0400

** Affects: lzo2 (Ubuntu)
     Importance: Wishlist
         Status: New

-- 
Sync lzo2 2.08-1 (main) from Debian unstable (main)
https://bugs.launchpad.net/bugs/1393264
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.



More information about the Ubuntu-sponsors mailing list