There's an integer overflow in LZO (LMS-2014-06-16-1): http://www.openwall.com/lists/oss-security/2014/06/26/20
I suspect that this affects Busybox; the code would be in archival/libarchive/lzo1x_d.c But I wouldn't be able to verify that or to fix it. Thanks, Isaac Dunham _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
