[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] Update to minilzo-2.08
From: |
Javier Martinez Canillas |
Subject: |
Re: [PATCH] Update to minilzo-2.08 |
Date: |
Tue, 22 Oct 2019 10:18:39 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0 |
Hello Daniel,
On 10/21/19 4:48 PM, Daniel Kiper wrote:
> On Fri, Oct 18, 2019 at 02:45:13PM +0200, Javier Martinez Canillas wrote:
>> From: Peter Jones <address@hidden>
>>
>> This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow
>>
>> Resolves: http://savannah.gnu.org/bugs/?42635
>
> OK but I would like to know how did you come up with that patch.
> Please describe the process in docs/grub-dev.texi. Good example is
> in commit 35b909062 (gnulib: Upgrade Gnulib and switch to bootstrap
> tool). You can also look at commit 461f1d8af (zstd: Import upstream
> zstd-1.3.6).
>
Fair enough. I'll do that in v2.
> Daniel
>
Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat