CERT-FI did a fuzzing tool test and discovered issues in various archiving tools.
bzip2 is vulnerable, fixed in 1.0.5. This code is probably bundled in some other packages.
I've added 1.0.5 to the tree ... now if only they didn't screw up the packaging of it ...
Arches, please test and mark stable:
Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86"
Created attachment 146488
Just for reference, the patch.
Sparc stable. All tests pass, it works on my files, and portage can use it.
(In reply to comment #4)
> Sparc stable. All tests pass, it works on my files, and portage can use it.
That's odd. Ferris forgot to mark the ebuild. So er, stable for HPPA and SPARC then. :)
There's no need to CC mips on security stabilization bugs. We're ~arch only.
Fixed in release snapshot.