Marcus Meissner
d00ef480b7
- update to 2.08 (bnc#883947) CVE-2014-4607
- Updated the Autoconf scripts to fix some reported build
problems.
- Added CMake build support.
- Fixed lzo_init() on big-endian architectures like Sparc.
- additional changes in 2.07
* Fixed a potential integer overflow condition in the "safe"
decompressor variants which could result in a possible buffer
overrun when processing maliciously crafted compressed input
data.
Fortunately this issue only affects 32-bit systems and also can
only happen if you use uncommonly huge buffer sizes where you
have to decompress more than 16 MiB (> 2^24 bytes) untrusted
compressed bytes within a single function call, so the
practical implications are limited.
POTENTIAL SECURITY ISSUE. CVE-2014-4607.
* Removed support for ancient configurations like 16-bit "huge"
pointers - LZO now requires a flat 32-bit or 64-bit memory
model.
* Assorted cleanups.
OBS-URL: https://build.opensuse.org/request/show/239294
OBS-URL: https://build.opensuse.org/package/show/Base:System/lzo?expand=0&rev=24
4 lines
131 B
Plaintext
4 lines
131 B
Plaintext
version https://git-lfs.github.com/spec/v1
|
|
oid sha256:ac1b3e4dee46febe9fd28737eb7f5692d3232ef1a01da10444394c3d47536614
|
|
size 589045
|