2024 Oct 16
Bug#1085137: libxen: Libxen Includes Code Similar to LZO Decompressor with a Known CVE
..." function located in
lib/lzo/lzo1x_decompress_safe.c file.
> Xen project contains a similar "lzo1x_decompress_safe" function in the
xen/common/lzo.c file, which has not been fixed.
Linux commit 206a81c18401 ("lzo: properly check for overruns") was
reverted a month later in af958a38a60c ("Revert "lzo: properly check for
overruns"") and then fixed differently in 72cf90124e87 ("lzo: check for
length overrun in variable length encoding.")
Xen mirrored that sequence with 504f70b62406, 092978f2ffcf and then
10a94ddbd2eb.
~Andrew