security/2018Q4: bzip2 #221
Open
Commits on Sep 7, 2019
-
bzip2: Update to 1.0.8. This changes the upstream to sourceware.org.
1.0.8 (13 Jul 19) ~~~~~~~~~~~~~~~~~ * Accept as many selectors as the file format allows. This relaxes the fix for CVE-2019-12900 from 1.0.7 so that bzip2 allows decompression of bz2 files that use (too) many selectors again. * Fix handling of large (> 4GB) files on Windows. * Cleanup of bzdiff and bzgrep scripts so they don't use any bash extensions and handle multiple archives correctly. * There is now a bz2-files testsuite at https://sourceware.org/git/bzip2-tests.git 1.0.7 (27 Jun 19) ~~~~~~~~~~~~~~~~~ * Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH * bzip2: Fix return value when combining --test,-t and -q. * bzip2recover: Fix buffer overflow for large argv[0] * bzip2recover: Fix use after free issue with outFile (CVE-2016-3189) * Make sure nSelectors is not out of range (CVE-2019-12900)
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.