CERT-FI did a fuzzing tool test and discovered issues in various archiving tools. bzip2 is vulnerable, fixed in 1.0.5. This code is probably bundled in some other packages.
I've added 1.0.5 to the tree ... now if only they didn't screw up the packaging of it ...
Arches, please test and mark stable:
=app-arch/bzip2-1.0.5
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86"
Created attachment 146488: bzip2-CERT-FI-20469.patch
Just for reference, the patch.
Sparc stable. All tests pass, it works on my files, and portage can use it.
(In reply to comment #4)
> Sparc stable. All tests pass, it works on my files, and portage can use it.
That's odd. Ferris forgot to mark the ebuild. So er, stable for HPPA and SPARC then. :)
ppc stable
alpha/ia64/x86 stable
amd64 stable
There's no need to CC mips on security stabilization bugs. We're ~arch only.
ppc64 stable
Fixed in release snapshot.
request filed
GLSA 200804-02