← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #34209

[Bug 1393264] Re: Sync lzo2 2.08-1 (main) from Debian unstable (main)

  Thread PreviousDate PreviousThread Next 
This bug was fixed in the package lzo2 - 2.08-1
Sponsored for Artur Rona (ari-tczew)

---------------
lzo2 (2.08-1) unstable; urgency=low

  * New upstream release (closes: #752861) (CVE-2014-4607)
  * Update standards version
  * Add autotools-dev to build dependencies (closes: #750622)

 -- Peter Eisentraut <petere@xxxxxxxxxx>  Mon, 14 Jul 2014 21:03:12
-0400

** Changed in: lzo2 (Ubuntu)
       Status: New => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-4607

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to lzo2 in Ubuntu.
https://bugs.launchpad.net/bugs/1393264

Title:
  Sync lzo2 2.08-1 (main) from Debian unstable (main)

Status in “lzo2” package in Ubuntu:
  Fix Released

Bug description:
  Please sync lzo2 2.08-1 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * SECURITY UPDATE: denial of service or possible code execution via
      integer overflow
      - debian/patches/CVE-2014-4607.patch: check for overflow in
        minilzo/minilzo.c, src/lzo1_d.ch, src/lzo1b_d.ch, src/lzo1f_d.ch,
        src/lzo1x_d.ch, src/lzo2a_d.ch.
      - CVE-2014-4607
    * SECURITY UPDATE: denial of service or possible code execution via
      integer overflow
      - debian/patches/CVE-2014-4607.patch: check for overflow in
        minilzo/minilzo.c, src/lzo1_d.ch, src/lzo1b_d.ch, src/lzo1f_d.ch,
        src/lzo1x_d.ch, src/lzo2a_d.ch.
      - CVE-2014-4607
    * Build using dh-autoreconf.
    * Build using dh-autoreconf.

  Debian supports autotools instead autoreconf.

  Changelog entries since current vivid version 2.06-1.2ubuntu2:

  lzo2 (2.08-1) unstable; urgency=low

    * New upstream release (closes: #752861) (CVE-2014-4607)
    * Update standards version
    * Add autotools-dev to build dependencies (closes: #750622)

   -- Peter Eisentraut <petere@xxxxxxxxxx>  Mon, 14 Jul 2014 21:03:12
  -0400

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/lzo2/+bug/1393264/+subscriptions

References

  Thread PreviousDate PreviousThread Next