'Fixed a potential integer overflow condition in the "safe" decompressor
variants which could result in a possible buffer overrun when processing
maliciously crafted compressed input data.
As this issue only affects 32-bit systems and also can only happen if
you use uncommonly huge buffer sizes where you have to decompress more
than 16 MiB (2^24 bytes) compressed bytes within a single function call,
the practical implications are limited.'
See http://www.openwall.com/lists/oss-security/2014/06/26/20 for more
details. There are also some embedded copies of "minilzo" from the same
source in various other programs which are also affected by this