author Parménides GV <parmegv@sdf.org> 2014-08-18 18:22:54 +0200
committer Parménides GV <parmegv@sdf.org> 2014-08-18 18:22:54 +0200
commit 31f6eab32a26a658cbfb2db0d457cc1f87d23f0f
tree 75f372ff22a94102ef2f9bd163febf54ac45e9d6 /app/lzo/NEWS
parent 6057466bc8b4475bf4564b9143c60753c90f9aaa
parent 7d8cde4f7ae769a3b6a25483d8bd0bb6c1551af9
Merge branch 'develop'
Diffstat (limited to 'app/lzo/NEWS')
-rw-r--r-- app/lzo/NEWS 16
1 files changed, 16 insertions, 0 deletions
diff --git a/app/lzo/NEWS b/app/lzo/NEWS
index 15eedeff..103c4d87 100644
--- a/app/lzo/NEWS
+++ b/app/lzo/NEWS
@@ -2,6 +2,22 @@
User visible changes for LZO -- a real-time data compression library
============================================================================
+Changes in 2.07 (25 Jun 2014)
+ * Fixed a potential integer overflow condition in the "safe" decompressor
+ variants which could result in a possible buffer overrun when
+ processing maliciously crafted compressed input data.
+
+ As this issue only affects 32-bit systems and also can only happen if
+ you use uncommonly huge buffer sizes where you have to decompress more
+ than 16 MiB (2^24 bytes) compressed bytes within a single function call,
+ the practical implications are limited.
+
+ POTENTIAL SECURITY ISSUE.
+
+ * Removed support for ancient configurations like 16-bit "huge" pointers -
+ LZO now requires a flat 32-bit or 64-bit memory model.
+ * Assorted cleanups.
+
Changes in 2.06 (12 Aug 2011)
* Some minor optimizations for big-endian architectures.
* Fixed overly strict malloc() misalignment check in examples.
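Review bot: The 2.07 entry marked "POTENTIAL SECURITY ISSUE" lands through a commit titled only "Merge branch 'develop'", and the diffstat shown is limited to app/lzo/NEWS, so nothing visible here confirms that the "safe" decompressor sources under app/lzo were updated together with this changelog. Please verify that the bundled library code in the same merge is actually at 2.07, and record the LZO bump from 2.06 to 2.07 in the project's own release notes. The upstream text limits the overflow to 32-bit systems decompressing more than 16 MiB of compressed input in a single call, so it is also worth stating whether any 32-bit build of this project passes buffers of that size to the "safe" variants.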