retire

git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@3601 e094ebfe-e918-0410-adfb-c712417f3574

1 files changed, 12 insertions, 0 deletions

diff --git a/retired/CVE-2014-4608 b/retired/CVE-2014-4608
new file mode 100644
index 00000000..50efd5f5
--- /dev/null
+++ b/retired/CVE-2014-4608
@@ -0,0 +1,12 @@
+Description: lzo integer overflow 
+References:
+Notes:
+ jmm> Not exploiable according to http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
+Bugs:
+upstream: released (3.16-rc3) [206a81c18401c0cde6e579164f752c4b147324ce]
+2.6.32-upstream-stable: released (2.6.32.64)
+sid: released (3.14.9-1)
+3.2-wheezy-security: released (3.2.63-1)
+3.16-upstream-stable: N/A
+2.6.32-squeeze-security: released (2.6.32-48squeeze9)
+3.2-upstream-stable: released (3.2.61) [lib-lzo-rename-lzo1x_decompress.c-to-lzo1x_decompress_safe.c.patch, lib-lzo-update-lzo-compression-to-current-upstream-version.patch, lzo-properly-check-for-overruns.patch]