new upstream release 1.05 with security fix
Bug #203997 reported by
André Klitzing
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bzip2 (Arch Linux) |
Fix Released
|
Undecided
|
Unassigned | ||
bzip2 (Gentoo Linux) |
Fix Released
|
Medium
|
|||
bzip2 (Mandriva) |
Unknown
|
Unknown
|
|||
bzip2 (Ubuntu) |
Fix Released
|
Low
|
Kees Cook |
Bug Description
Binary package hint: bzip2
The current version is 1.0.5, released 17 March 2008.
Version 1.0.5 removes a potential security vulnerability (CERT-FI 20469 as it applies to bzip2) in versions 1.0.4 and earlier, so all users are recommended to upgrade immediately.
https:/
CHANGES:
1.0.5 (10 Dec 07)
~~~~~~~~~~~~~~~~~
Security fix only. Fixes CERT-FI 20469 as it applies to bzip2.
CVE References
Changed in bzip2: | |
status: | Unknown → Confirmed |
Changed in bzip2: | |
status: | Confirmed → Fix Released |
Changed in bzip2: | |
status: | New → In Progress |
Changed in bzip2: | |
status: | In Progress → Fix Released |
Changed in bzip2 (Gentoo Linux): | |
importance: | Unknown → Medium |
To post a comment you must log in.
CERT-FI did a fuzzing tool test and discovered issues in various archiving tools.
bzip2 is vulnerable, fixed in 1.0.5. This code is probably bundled in some other packages.