On Mon, 30 Jun 2014 10:17:26 +0200 Denys Vlasenko <[email protected]> wrote:
> On Saturday 28 June 2014 15:33, Isaac Dunham wrote: > > There's an integer overflow in LZO (LMS-2014-06-16-1): > > http://www.openwall.com/lists/oss-security/2014/06/26/20 > > > > I suspect that this affects Busybox; the code would be in > > archival/libarchive/lzo1x_d.c > > But I wouldn't be able to verify that or to fix it. > > Thanks for the report. > > Fixed in git just now. I think this also should be added to http://busybox.net/downloads/fixes-1.22.1/ Thanks! -nc _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
