Summary: | <app-arch/bzip2-1.0.6-r11: out-of-bounds write | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Holzknecht <nightdragon> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | nightdragon |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://nvd.nist.gov/vuln/detail/CVE-2019-12900 | ||
Whiteboard: | A4 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Holzknecht
2019-06-24 14:59:55 UTC
Correction: Type: 1.0.6-r2 should be 1.0.6-r11 so a patch as r12 would be nice. Thanks. As far as I can see, -r11 already includes the fix for CVE-2019-12900: decompress.c:291 if (nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); Fix is already in 1.0.6 https://gitlab.com/federicomenaquintero/bzip2/commit/812a898b7622de90e98f103ff7fed0984e4548e4 |