[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Update to minilzo-2.08
From: |
Daniel Kiper |
Subject: |
Re: [PATCH] Update to minilzo-2.08 |
Date: |
Mon, 21 Oct 2019 16:48:15 +0200 |
User-agent: |
NeoMutt/20170113 (1.7.2) |
On Fri, Oct 18, 2019 at 02:45:13PM +0200, Javier Martinez Canillas wrote:
> From: Peter Jones <address@hidden>
>
> This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow
>
> Resolves: http://savannah.gnu.org/bugs/?42635
OK but I would like to know how did you come up with that patch.
Please describe the process in docs/grub-dev.texi. Good example is
in commit 35b909062 (gnulib: Upgrade Gnulib and switch to bootstrap
tool). You can also look at commit 461f1d8af (zstd: Import upstream
zstd-1.3.6).
Daniel