diff options
author | Moritz Muehlenhoff <jmm@debian.org> | 2014-12-09 05:23:28 +0000 |
---|---|---|
committer | Moritz Muehlenhoff <jmm@debian.org> | 2014-12-09 05:23:28 +0000 |
commit | 0097c40ba4c5b66fca2367c9782821f3d4de470d (patch) | |
tree | 0a6c026caf36f96dec69aec64f3d7f312e3b4dab /retired/CVE-2014-4608 | |
parent | 5ae6fd26f64eabb877c77bfaa9022ce3a8e46d30 (diff) |
retire
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3601 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2014-4608')
-rw-r--r-- | retired/CVE-2014-4608 | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/retired/CVE-2014-4608 b/retired/CVE-2014-4608 new file mode 100644 index 00000000..50efd5f5 --- /dev/null +++ b/retired/CVE-2014-4608 @@ -0,0 +1,12 @@ +Description: lzo integer overflow +References: +Notes: + jmm> Not exploiable according to http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html +Bugs: +upstream: released (3.16-rc3) [206a81c18401c0cde6e579164f752c4b147324ce] +2.6.32-upstream-stable: released (2.6.32.64) +sid: released (3.14.9-1) +3.2-wheezy-security: released (3.2.63-1) +3.16-upstream-stable: N/A +2.6.32-squeeze-security: released (2.6.32-48squeeze9) +3.2-upstream-stable: released (3.2.61) [lib-lzo-rename-lzo1x_decompress.c-to-lzo1x_decompress_safe.c.patch, lib-lzo-update-lzo-compression-to-current-upstream-version.patch, lzo-properly-check-for-overruns.patch] |