Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#52277 - [bzip2] CVE-2016-3189 heap use after free in bzip2recover
Attached to Project:
Arch Linux
Opened by Matt (ilikenwf) - Monday, 26 December 2016, 18:35 GMT
Last edited by Ronald van Haren (pressh) - Wednesday, 28 December 2016, 10:29 GMT
Opened by Matt (ilikenwf) - Monday, 26 December 2016, 18:35 GMT
Last edited by Ronald van Haren (pressh) - Wednesday, 28 December 2016, 10:29 GMT
|
DetailsThe original redhat discussion has a proposed, simple patch:
https://bugzilla.redhat.com/show_bug.cgi?id=1319648 https://bugzilla.redhat.com/attachment.cgi?id=1169843 |
This task depends upon
Closed by Ronald van Haren (pressh)
Wednesday, 28 December 2016, 10:29 GMT
Reason for closing: Implemented
Additional comments about closing: bzip2-1.0.6-6
Wednesday, 28 December 2016, 10:29 GMT
Reason for closing: Implemented
Additional comments about closing: bzip2-1.0.6-6
http://sprunge.us/bMFC
Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.