Debian Security Advisory
DLA-35-1 lzo2 -- LTS security update
- Date Reported:
- 11 Aug 2014
- Affected Packages:
- lzo2
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-4607.
- More information:
-
Fix integer overflow in lzo1x_decompress_safe() allowing denial of service or code execution.
For Debian 6
Squeeze
, these issues have been fixed in lzo2 version 2.03-2+deb6u1