id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
4490	bzip2-1.0.7	Xi Ruoyao	lfs-book	"{{{
bzip2 1.0.7 contains only the following bug/security fixes:

* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0]
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)
}}}

https://sourceware.org/pub/bzip2/bzip2-1.0.7.tar.gz

This version still uses Makefile and Makefile-libbz2_so.  No instruction changes should be required, in our book."	task	closed	high	9.0	Book	SVN	normal	fixed