Opened 5 years ago

Closed 5 years ago

#4490 closed task (fixed)

bzip2-1.0.7

Reported by: Xi Ruoyao Owned by: lfs-book
Priority: high Milestone: 9.0
Component: Book Version: SVN
Severity: normal Keywords:
Cc:

Description 

bzip2 1.0.7 contains only the following bug/security fixes:

* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0]
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)

https://sourceware.org/pub/bzip2/bzip2-1.0.7.tar.gz

This version still uses Makefile and Makefile-libbz2_so. No instruction changes should be required, in our book.

Change History (4)

comment:1 by Bruce Dubbs, 5 years ago

Milestone: 8.59.0

Milestone renamed

comment:2 by Douglas R. Reno, 5 years ago

I remember receiving an email from the oss-security mailing list regarding this:

https://seclists.org/oss-sec/2019/q2/139

https://seclists.org/oss-sec/2019/q2/142

comment:3 by Douglas R. Reno, 5 years ago

Priority: normalhigh

comment:4 by Bruce Dubbs, 5 years ago

Resolution: fixed
Status: newclosed

Fixed at revision 11626.

Note: See TracTickets for help on using tickets.