On Mon, Jan 20, 2020 at 03:07:49PM +0100, Javier Martinez Canillas wrote: > From: Peter Jones <pjo...@redhat.com> > > This patch updates the miniLZO library to a newer version, which among other > things fixes "CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow" > that is present in the current used in GRUB. > > It also updates the "GRUB Developers Manual", to mention that the library is > used and describes the process to update it to a newer release when needed. > > Resolves: http://savannah.gnu.org/bugs/?42635 > > Signed-off-by: Peter Jones <pjo...@redhat.com> > Signed-off-by: Javier Martinez Canillas <javi...@redhat.com>
Reviewed-by: Daniel Kiper <daniel.ki...@oracle.com> Daniel _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
