Source: busybox
Version: 1:1.22.0-5
Severity: serious
Tags: security patch upstream fixed-upstream

Busybox embeds a mini-lzo library implementation which suffers from CVE-2014-4607 -- integer overflow with memory corruption potential and a risk of (remote) code execution, see http://www.openwall.com/lists/oss-security/2014/06/26/20 for details.

This flaw has been fixed in busybox upstream in commit a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3.

/mjt