[3.9] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900) (#10645) · Issues · alpine / aports

[3.9] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds
write when there are many selectors.

References:

https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900

Patch:

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

(from redmine: issue id 10645, created on 2019-07-02, closed on 2019-07-09)

Relations:
- parent #10642 (closed)
Changesets:
- Revision d8ead9ac on 2019-07-04T19:25:48Z:

main/bzip2: add patch for CVE-2019-12900

Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.

fixes #10645

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information