91563 – app-arch/bzip2: 1.0.3 fixes DoS (CAN-2005-1260)

Bug 91563 - app-arch/bzip2: 1.0.3 fixes DoS (CAN-2005-1260)

Summary: app-arch/bzip2: 1.0.3 fixes DoS (CAN-2005-1260)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All All

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://www.bzip.org/CHANGES
Whiteboard:	A4 [noglsa] jaervosz
Keywords:

Depends on:
Blocks:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tavis Ormandy (RETIRED) gentoo-dev

2005-05-05 05:43:24 UTC

bzip2-1.0.3 fixes a DoS "zip-of-death"-type attack, where a small bzip2 file will consume all available secondary storage.

Comment 1 Jakub Moc (RETIRED) gentoo-dev

2005-05-05 05:49:02 UTC

1.0.3 is stable in portage. ;-)

Comment 2 SpanKY gentoo-dev

2005-05-05 05:50:18 UTC

yeah, i dont know why you felt the need to cc base-system, i marked 1.0.3 stable a few days ago for all arches

Comment 3 Tavis Ormandy (RETIRED) gentoo-dev

2005-05-05 06:16:17 UTC

sorry for bugspam. we still need a bug to track glsa vote.

Comment 4 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-05 07:16:40 UTC

Thx for your comments and work everyone. This one is ready for GLSA decision. I tend to vote NO.

Comment 5 Tavis Ormandy (RETIRED) gentoo-dev

2005-05-05 07:23:47 UTC

Agree with Sune, not worth a glsa imho.

Comment 6 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-05 07:27:02 UTC

Comment 7 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-05 07:27:02 UTC

1½ votes for NO so far.

Comment 8 SpanKY gentoo-dev

2005-05-10 15:16:08 UTC

yeah, no GLSA says i

Comment 9 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-10 21:50:29 UTC

Comment 10 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-05-10 21:50:29 UTC

2½ NO votes-> Closing without GLSA. Feel free to reopen if you disagree.