Overview
Request 239295 accepted
- update to 2.08 (bnc#883947) CVE-2014-4607
- Updated the Autoconf scripts to fix some reported build
problems.
- Added CMake build support.
- Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
* Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
Fortunately this issue only affects 32-bit systems and also can
only happen if you use uncommonly huge buffer sizes where you
have to decompress more than 16 MiB (> 2^24 bytes) untrusted
compressed bytes within a single function call, so the
practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge"
pointers - LZO now requires a flat 32-bit or 64-bit memory
model.
* Assorted cleanups. (forwarded request 239294 from darix)
Request History
msmeissn created request
- update to 2.08 (bnc#883947) CVE-2014-4607
- Updated the Autoconf scripts to fix some reported build
problems.
- Added CMake build support.
- Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
* Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
Fortunately this issue only affects 32-bit systems and also can
only happen if you use uncommonly huge buffer sizes where you
have to decompress more than 16 MiB (> 2^24 bytes) untrusted
compressed bytes within a single function call, so the
practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge"
pointers - LZO now requires a flat 32-bit or 64-bit memory
model.
* Assorted cleanups. (forwarded request 239294 from darix)
factory-auto added a reviewer
Pick Staging Project
factory-auto added a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
licensedigger accepted review
{"approve": "preliminary, version number changed"}
factory-repo-checker accepted review
Builds for repo Base:System/openSUSE_Factory
coolo added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:F"
coolo accepted review
Picked openSUSE:Factory:Staging:F
coolo approved review
ready to accept
coolo accepted review
ready to accept
coolo accepted request
Accept to factory
