URL: <http://savannah.gnu.org/bugs/?42635>
Summary: minilzo: Embedded LZO vulnerability (CVE-2014-4607)
Project: GNU GRUB
Submitted by: kristianf
Submitted on: Fri 27 Jun 2014 04:06:24 PM GMT
Category: Security
Severity: Major
Priority: 5 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release:
Release: Git master
Reproducibility: None
Planned Release: None

_______________________________________________________

Details:

Hi,

A security issue was raised[0] regarding the implementation of LZO, which is fixed in Oberhumer's LZO version 2.07 and was allocated CVE-2014-4607. Further, it is suggested that grub might be affected by this vulnerability by embedding a version of the affected code (minilzo)[1].

It would be appreciated to get a comment on the applicability and a possible fix for this issue.

References:
[0] http://seclists.org/oss-sec/2014/q2/665
[1] http://seclists.org/oss-sec/2014/q2/676