Hello Daniel, On 10/21/19 4:48 PM, Daniel Kiper wrote: > On Fri, Oct 18, 2019 at 02:45:13PM +0200, Javier Martinez Canillas wrote: >> From: Peter Jones <pjo...@redhat.com> >> >> This fixes CVE-2014-4607 - lzo: lzo1x_decompress_safe() integer overflow >> >> Resolves: http://savannah.gnu.org/bugs/?42635 > > OK but I would like to know how did you come up with that patch. > Please describe the process in docs/grub-dev.texi. Good example is > in commit 35b909062 (gnulib: Upgrade Gnulib and switch to bootstrap > tool). You can also look at commit 461f1d8af (zstd: Import upstream > zstd-1.3.6). >
Fair enough. I'll do that in v2. > Daniel > Best regards, -- Javier Martinez Canillas Software Engineer - Desktop Hardware Enablement Red Hat _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
