Jonkman Microblog
Conversation

Notices

  1. Federico Mena Quintero (federicomena@mstdn.mx)'s status on Thursday, 27-Jun-2019 20:37:52 EDT

    So there's a debatable regression in bzip2-1.0.7. It cannot uncompress some files from lbzip2, which worked fine with bzip2-1.0.6, because of the fix for CVE-2019-12900.

    Bzip2-1.0.6 and before had a bug with unvalidated input, which a fuzzer found to lead to a buffer overflow.

    However, those versions seemed to work for lbzip2 files, which (arguably wrongly) were writing the input value larger than bzip2 expected.

    https://gitlab.com/federicomenaquintero/bzip2/issues/24 - people who want to do code digging appreciated!

    In conversation Thursday, 27-Jun-2019 20:37:52 EDT from mstdn.mx

Jonkman Microblog is a social network, courtesy of SOBAC Microcomputer Services. It runs on GNU social, version 1.2.0-beta5, available under the GNU Affero General Public License.

All Jonkman Microblog content and data are available under the Creative Commons Attribution 3.0 license.
