diff options
Diffstat (limited to 'main/lzo/NEWS')
| -rw-r--r-- | main/lzo/NEWS | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/main/lzo/NEWS b/main/lzo/NEWS index 15eedeff..103c4d87 100644 --- a/main/lzo/NEWS +++ b/main/lzo/NEWS @@ -2,6 +2,22 @@ User visible changes for LZO -- a real-time data compression library ============================================================================ +Changes in 2.07 (25 Jun 2014) + * Fixed a potential integer overflow condition in the "safe" decompressor + variants which could result in a possible buffer overrun when + processing maliciously crafted compressed input data. + + As this issue only affects 32-bit systems and also can only happen if + you use uncommonly huge buffer sizes where you have to decompress more + than 16 MiB (2^24 bytes) compressed bytes within a single function call, + the practical implications are limited. + + POTENTIAL SECURITY ISSUE. + + * Removed support for ancient configurations like 16-bit "huge" pointers - + LZO now requires a flat 32-bit or 64-bit memory model. + * Assorted cleanups. + Changes in 2.06 (12 Aug 2011) * Some minor optimizations for big-endian architectures. * Fixed overly strict malloc() misalignment check in examples. |