Bug#: 213820
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Hanno Boeck <hanno@gentoo.org>

Attachment: bzip2-CERT-FI-20469.patch (type: patch; creator: Robert Buchholz; created: 2008-03-18 14:16 0000; size: 1.72 KB)


Description:   Opened: 2008-03-18 12:30 0000
CERT-FI did a fuzzing tool test and discovered issues in various archiving
tools.

bzip2 is vulnerable, fixed in 1.0.5. This code is probably bundled in some
other packages.

------- Comment #1 From SpanKY 2008-03-18 13:38:19 0000 -------
I've added 1.0.5 to the tree ... now if only they didn't screw up the packaging
of it ...

------- Comment #2 From Robert Buchholz 2008-03-18 13:47:14 0000 -------
Arches, please test and mark stable:
=app-arch/bzip2-1.0.5
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390
sh sparc x86"

------- Comment #3 From Robert Buchholz 2008-03-18 14:16:44 0000 -------
Created an attachment (id=146488)
bzip2-CERT-FI-20469.patch

Just for reference, the patch.

------- Comment #4 From Ferris McCormick 2008-03-18 16:31:22 0000 -------
Sparc stable.  All tests pass, it works on my files, and portage can use it.

------- Comment #5 From Jeroen Roovers 2008-03-18 17:17:26 0000 -------
(In reply to comment #4)
> Sparc stable.  All tests pass, it works on my files, and portage can use it.

That's odd. Ferris forgot to mark the ebuild. So er, stable for HPPA and SPARC
then. :)

------- Comment #6 From Tobias Scherbaum 2008-03-18 18:28:17 0000 -------
ppc stable

------- Comment #7 From Raúl Porcel 2008-03-18 18:30:32 0000 -------
alpha/ia64/x86 stable

------- Comment #8 From Steve Dibb 2008-03-19 00:34:46 0000 -------
amd64 stable

------- Comment #9 From Ryan Hill 2008-03-19 01:58:29 0000 -------
there's no need to cc mips on security stabilization bugs.  we're ~arch only.

------- Comment #10 From Markus Rothe 2008-03-19 19:00:37 0000 -------
ppc64 stable

------- Comment #11 From Peter Volkov 2008-03-19 20:53:31 0000 -------
Fixed in release snapshot.

------- Comment #12 From Robert Buchholz 2008-03-21 02:17:53 0000 -------
request filed

------- Comment #13 From Pierre-Yves Rofes 2008-04-02 21:31:43 0000 -------
GLSA 200804-02
