FS#40993 : [lzo2] CVE-2014-4607 integer overflow / remote code execution

Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines

Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!

FS#40993 - [lzo2] CVE-2014-4607 integer overflow / remote code execution

Attached to Project: Arch Linux
Opened by Daniel Micay (thestinger) - Friday, 27 June 2014, 03:28 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 29 June 2014, 09:19 GMT

Task Type	Bug Report
Category	Packages: Extra
Status	Closed
Assigned To	Tobias Powalowski (tpowa)
Architecture	All
Severity	Critical
Priority	Normal
Reported Version
Due in Version	Undecided
Due Date	Undecided
Percent Complete
Votes	1 Daniel Micay (thestinger) (2014-06-27)
Private	No

Details

http://www.openwall.com/lists/oss-security/2014/06/26/20

This task depends upon

Closed by Tobias Powalowski (tpowa)
Sunday, 29 June 2014, 09:19 GMT
Reason for closing: Fixed
Additional comments about closing: 2.07-2

Comments (3)
Related Tasks (0/0)

Comment by Daniel Micay (thestinger) - Friday, 27 June 2014, 03:30 GMT

Background: http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html

Comment by Bartłomiej Piotrowski (Barthalion) - Friday, 27 June 2014, 19:07 GMT

Re-opening as it doesn't build for i686[1]. x86_64 sits in testing now.

[1] https://paste.xinu.at/VbPO6W/

Comment by Tobias Powalowski (tpowa) - Saturday, 28 June 2014, 05:27 GMT

Already informed the author of the software, no response yet about i686.

	Tasks related to this task (0)

Duplicate tasks of this task (0)

Arch Linux

Arch Linux

FS#40993 - [lzo2] CVE-2014-4607 integer overflow / remote code execution

Details

Loading...