Package: libxen
Version: 4.17.3
Severity: normal
X-Debbugs-Cc: mariamarutun...@gmail.com

Dear Maintainer,
A vulnerability identified as CVE-2014-4608 was discovered and fixed in LZO 
decompressor in the Linux kernel with the following commit: 
https://github.com/torvalds/linux/commit/206a81c18401c0cde6e579164f752c4b147324ce.
 Which amended the "lzo1x_decompress_safe" function located in 
lib/lzo/lzo1x_decompress_safe.c file. 
Xen project contains a similar "lzo1x_decompress_safe" function in the 
xen/common/lzo.c file, which has not been fixed.

-- System Information:
Debian Release: trixie/sid
  APT prefers noble-updates
  APT policy: (500, 'noble-updates'), (500, 'noble-security'), (500, 'noble'), 
(500, 'bionic'), (100, 'noble-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 6.8.0-45-generic (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Reply via email to