git.ipfire.org Git - thirdparty/grub.git/commit

author	Peter Jones <pjones@redhat.com>
	Mon, 20 Jan 2020 14:07:49 +0000 (15:07 +0100)
committer	Daniel Kiper <daniel.kiper@oracle.com>
	Tue, 11 Feb 2020 20:30:30 +0000 (21:30 +0100)
commit	3165efcfc24dab1cad5a5c2f5e7578bd876e6b52
tree	a1d64c1748ee1451f83ee6b0832cae2fdfe894ba	tree
parent	598de14d9340137cd7c7a099e8ed53d97f1f68a0	commit \| diff

minilzo: Update to minilzo-2.08

This patch updates the miniLZO library to a newer version, which among other
things fixes "CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow"
that is present in the current used in GRUB.

It also updates the "GRUB Developers Manual", to mention that the library is
used and describes the process to update it to a newer release when needed.

Resolves: http://savannah.gnu.org/bugs/?42635

Signed-off-by: Peter Jones <pjones@redhat.com>
Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

docs/grub-dev.texi		diff \| blob \| blame \| history
grub-core/lib/minilzo/lzoconf.h		diff \| blob \| blame \| history
grub-core/lib/minilzo/lzodefs.h		diff \| blob \| blame \| history
grub-core/lib/minilzo/minilzo.c		diff \| blob \| blame \| history
grub-core/lib/minilzo/minilzo.h		diff \| blob \| blame \| history