[U-Boot] U-Boot vulnerable to CVE-2014-4607 (LZO)?

Thomas Deutschmann whissi at gentoo.org
Tue Nov 22 21:54:50 CET 2016


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,

could you please help me to determine if U-Boot was or still is
vulnerable to CVE-2014-4607?

The project uses LZO decompression in

  lib/lzo/lzo1x_decompress.c


I found the following applied patch set

http://lists.denx.de/pipermail/u-boot/2014-December/197547.html

but I am not sure.

Thanks for any help!


- -- 
Regards,
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0

iQJ8BAEBCgBmBQJYNLCXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQzM0M1ODQ4MkM0MDIyOTJEMkUzQzVDMDY5
NzA5RjkwQzNDOTZGRkM4AAoJEJcJ+Qw8lv/IWjEP/0sl5PHukqI+aKhDtVripPU5
67QUsepFnzPTXWmaz4a4ZVYngnSaxSbrn7l12BBr5KA3h9ffkvMpP7OWy2C7+MVO
+eTOzDzMjGk5G3XLkSu3O7nnK2qqwNaoM4S+jZGrttpNXWmEVfHu3/K9vonM7WvQ
B/HDf/FpAl400HWQtbCw2uz84/J8ApHjLalhPgUxS0EF5ndhmYZGaeoioaYMXXcK
2KNbS2eydBneDuoyQJAjveDqwhRVNhqKNaBZFFq1cKVBpAVVWJy1yyQFSMwYp8st
/mLzFJ+3zBULrMbgoLGbgk5A9GGWVEMt1Z+OPhjExJDAe/zFfzr0BcdP9z5895nN
E9TfBicVTIDNlXm4T9LVa992dJKyKD599ziU8sMsL4c7SU7G0bJp+1I1IP/LaMGZ
TZ6Jcvoq/bIdfMoiY6RYjLJy1R48zwUC3BfIOz7UjhJX3WRObMXaNX9LCyih5TP3
FJVy1UB3w0zDQ53LZTvsJghQlbkEwHUaLA9ePjlnugeS5oLrtnrDR+jQYsvifRCB
QMYkFloNUjNBuOIe/gTrNzfZCwk8M2zGB4efYPhVBnWUdH/fiETGC8PdzwL54uQk
lvXuBWGprQXHqdjwMUblDUm3CucAFsB38y31ax3D062UySB2KO5xfb48pxe0inZX
/WuG9EAxfcK7PzQYcOVw
=fgWw
-----END PGP SIGNATURE-----


More information about the U-Boot mailing list