Attached diff fixes CVE-2019-12900 (BZ2_decompress in decompress.c in
bzip2 through 1.0.6 has an out-of-bounds write when there are many
selectors). The vulnerability has a CVSS v3.0 score of 9.8 "CRITICAL".
* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)
On Thu, Jun 27, 2019 at 10:10:31PM +0100, Stuart Henderson wrote:
> I had a quick look at a source code diff; despite a 9-year gap
> there's not a lot of change. It looks pretty safe to me, but given
> the risk of breakage I'd prefer to have more eyes on it.
I diffed 1.0.6 from 2010 against the current HEAD; the actual C code changes
are minimal and look quite sane.
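For readers who want to see what "nSelectors is not out of range" guards against, here is an added stand-alone model of the selector-table read in BZ2_decompress(). It is example code written for this thread, not bzip2's own source and not the attached diff. The constants BZ_G_SIZE, BZ_MAX_SELECTORS and BZ_N_GROUPS mirror bzlib_private.h; the bit reader, the encoder that builds the constructed test stream, and the try_count() helper are simplifications assumed for the example. The point it shows: the count is a 15-bit field (up to 32767), the table has BZ_MAX_SELECTORS (18002) entries, and 1.0.6 only checked the lower bound.

```c
/* Added example, not bzip2's own code: a stand-alone model of the selector
 * table read that CVE-2019-12900 concerns. The three BZ_* constants mirror
 * bzlib_private.h; the bit reader, encoder and state are assumed helpers. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BZ_G_SIZE 50
#define BZ_MAX_SELECTORS (2 + (900000 / BZ_G_SIZE))  /* 18002 */
#define BZ_N_GROUPS 6
#define BZ_OK 0
#define BZ_DATA_ERROR (-4)

/* Minimal MSB-first bit reader over a byte buffer (assumed helper). */
typedef struct { const uint8_t *buf; size_t nbits; size_t pos; } bitreader;

static int get_bit(bitreader *br, int32_t *bit)
{
    if (br->pos >= br->nbits) return 0;             /* truncated input */
    *bit = (br->buf[br->pos >> 3] >> (7 - (br->pos & 7))) & 1;
    br->pos++;
    return 1;
}

static int get_bits(bitreader *br, int n, int32_t *val)
{
    int32_t v = 0, b;
    for (int i = 0; i < n; i++) {
        if (!get_bit(br, &b)) return 0;
        v = (v << 1) | b;
    }
    *val = v;
    return 1;
}

/* Decode the 15-bit selector count followed by nSelectors unary-coded MTF
 * indices into a fixed-size table, the shape of the read in BZ2_decompress().
 * Returns BZ_OK or BZ_DATA_ERROR; *out_count receives the accepted count. */
static int read_selectors(const uint8_t *buf, size_t len,
                          uint8_t selectorMtf[BZ_MAX_SELECTORS], int32_t *out_count)
{
    bitreader br = { buf, len * 8, 0 };
    int32_t nSelectors;
    if (!get_bits(&br, 15, &nSelectors)) return BZ_DATA_ERROR;
    /* bzip2 1.0.6 only had the lower bound. A 15-bit field holds up to 32767,
     * so a crafted stream wrote past selectorMtf[BZ_MAX_SELECTORS]. The upper
     * bound is the CVE-2019-12900 fix. */
    if (nSelectors < 1) return BZ_DATA_ERROR;
    if (nSelectors > BZ_MAX_SELECTORS) return BZ_DATA_ERROR;
    for (int32_t i = 0; i < nSelectors; i++) {
        int32_t j = 0, bit;
        for (;;) {                                   /* unary: 1...10 */
            if (!get_bit(&br, &bit)) return BZ_DATA_ERROR;
            if (!bit) break;
            j++;
            if (j >= BZ_N_GROUPS) return BZ_DATA_ERROR;  /* real code: j >= nGroups */
        }
        selectorMtf[i] = (uint8_t)j;
    }
    *out_count = nSelectors;
    return BZ_OK;
}

/* Build a constructed selector block: 15-bit count, then `count` unary codes
 * of value `mtf` each. Returns bytes written, or 0 if `cap` is too small. */
static size_t build_selector_block(uint8_t *out, size_t cap, int32_t count, int mtf)
{
    size_t nbits = 15 + (size_t)count * (size_t)(mtf + 1);
    size_t nbytes = (nbits + 7) / 8;
    if (nbytes > cap || count < 0 || count > 0x7fff) return 0;
    memset(out, 0, nbytes);
    size_t pos = 0;
    for (int i = 14; i >= 0; i--, pos++)
        if ((count >> i) & 1) out[pos >> 3] |= (uint8_t)(0x80 >> (pos & 7));
    for (int32_t s = 0; s < count; s++) {
        for (int k = 0; k < mtf; k++, pos++) out[pos >> 3] |= (uint8_t)(0x80 >> (pos & 7));
        pos++;                                       /* terminating 0 bit (already 0) */
    }
    return nbytes;
}

/* Encode `count` selectors (MTF value 1) and run the decoder over them.
 * Returns the decoder status, or -99 if the decoded table is wrong. */
static int try_count(int32_t count)
{
    static uint8_t buf[16384];                       /* constructed input stream */
    uint8_t table[BZ_MAX_SELECTORS];
    int32_t got = 0;
    size_t n = build_selector_block(buf, sizeof buf, count, 1);
    if (n == 0) return BZ_DATA_ERROR;
    int rc = read_selectors(buf, n, table, &got);
    if (rc != BZ_OK) return rc;
    if (got != count) return -99;
    for (int32_t i = 0; i < got; i++)
        if (table[i] != 1) return -99;
    return BZ_OK;
}
```

try_count(BZ_MAX_SELECTORS) is accepted and try_count(BZ_MAX_SELECTORS + 1) is rejected before any table write happens, which is exactly the behaviour the "nSelectors is not out of range" entry in the changelog adds.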