bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900) (#10642) · Issues · alpine / aports · GitLab

bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds
write when there are many selectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900

Patch:

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

(from redmine: issue id 10642, created on 2019-07-02, closed on 2019-07-09)

Relations:
- child #10643 (closed)
- child #10644 (closed)
- child #10645 (closed)
- child #10646 (closed)
- child #10647 (closed)

To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information