Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-07-09 Thread Mark Wielaard
On Tue, 2019-07-09 at 22:06 +0200, Salvatore Bonaccorso wrote: > The patch seems to have evolved to > https://sourceware.org/ml/bzip2-devel/2019-q3/msg7.html. Were > there any more issues found? Should downstream distros who picked up > the CVE-2019-12900 safely include this patch? Yes. It was

Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-07-09 Thread Salvatore Bonaccorso
Hi Mark, On Tue, Jul 02, 2019 at 10:10:21PM +0200, Salvatore Bonaccorso wrote: > Hey Mark! > > On Mon, Jul 01, 2019 at 12:33:06AM +0200, Mark Wielaard wrote: > > Hi Salvatore, > > > > On Sun, 2019-06-30 at 19:28 +0200, Salvatore Bonaccorso wrote: > > > Testing and feedback appreciated. > > > >

Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-07-02 Thread Salvatore Bonaccorso
Hey Mark! On Mon, Jul 01, 2019 at 12:33:06AM +0200, Mark Wielaard wrote: > Hi Salvatore, > > On Sun, 2019-06-30 at 19:28 +0200, Salvatore Bonaccorso wrote: > > Testing and feedback appreciated. > > > > it is not very helpful I think, because I do not have a good testing > > corpus. What I did i

Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-06-30 Thread Mark Wielaard
Hi Salvatore, On Sun, 2019-06-30 at 19:28 +0200, Salvatore Bonaccorso wrote: > Testing and feedback appreciated. > > it is not very helpful I think, because I do not have a good testing > corpus. What I did is to apply the patch on top of our current > 1.0.6-9.1 (which has the issue after fixing

Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-06-30 Thread Salvatore Bonaccorso
Hi Mark, On Sun, Jun 30, 2019 at 06:01:35PM +0200, Mark Wielaard wrote: > See the upstream discussion on the bzip2-devel mailing list: > https://sourceware.org/ml/bzip2-devel/2019-q2/msg00024.html > > In particular this workaround patch for some (buggy lbzip2 compressed) > files that bzip2 1.0.6 c

Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-06-30 Thread Mark Wielaard
See the upstream discussion on the bzip2-devel mailing list: https://sourceware.org/ml/bzip2-devel/2019-q2/msg00024.html In particular this workaround patch for some (buggy lbzip2 compressed) files that bzip2 1.0.6 could decompress, but 1.0.7 (with the CVE-2019-12900 hardening patch) cannot: https

Bug#931278: bzip2: Fix for CVE-2019-12900 breaks uncompressing some lbzip2 files

2019-06-30 Thread Salvatore Bonaccorso
Source: bzip2 Version: 1.0.6-9.1 Severity: normal Tags: upstream Forwarded: https://gitlab.com/federicomenaquintero/bzip2/issues/24 The fix for CVE-2019-12900 causes that some lbzip2 compressed files cannot be uncompressed anymore. There was a bug in libzip2 which got fixed, but files produced befo