Debian Security Advisory

DLA-35-1 lzo2 -- LTS security update

Date Reported:
11 Aug 2014
Affected Packages:
lzo2
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-4607.
More information:

Fix integer overflow in lzo1x_decompress_safe() allowing denial of service or code execution.

For Debian 6 Squeeze, these issues have been fixed in lzo2 version 2.03-2+deb6u1