[3.10] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an
out-of-bounds
write when there are many selectors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
(from redmine: issue id 10644, created on 2019-07-02, closed on 2019-07-09)
- Relations:
- parent #10642 (closed)
- Changesets:
- Revision f47a9e1d on 2019-07-04T19:24:02Z:
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10644
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information