[3.9] bzip2: out-of-bounds write in function BZ2_decompress (CVE-2019-12900)
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds
write when there are many selectors.
References:
https://nvd.nist.gov/vuln/detail/CVE-2019-12900
https://security-tracker.debian.org/tracker/CVE-2019-12900
Patch:
https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc
(from redmine: issue id 10645, created on 2019-07-02, closed on 2019-07-09)
- Relations:
- parent #10642 (closed)
- Changesets:
- Revision d8ead9ac on 2019-07-04T19:25:48Z:
main/bzip2: add patch for CVE-2019-12900
Adding the upstream bzip2 security patch to fix the out of bounds security
vulnerability in bzip2.
fixes #10645
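The class of bug described in this issue, a count read from the stream that can exceed the fixed table it indexes, shown as an added example: a simplified model written for this page, not bzip2's code and not the linked patch. The names (`read_selectors`, `try_count`, `struct decoder`), the byte-per-selector input layout, and the two size constants are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed sizes: a 15-bit count field feeding a table of
   2 + 900000/50 entries, so the field can name more entries
   than the table holds. */
#define MAX_SELECTORS   (2 + (900000 / 50))  /* 18002 */
#define COUNT_FIELD_MAX 0x7FFF               /* 32767 */

enum { PARSE_OK = 0, PARSE_DATA_ERROR = -1 };

struct decoder {
    uint8_t selector_mtf[MAX_SELECTORS];
    int     n_selectors;
};

/* Hypothetical parser: 2-byte big-endian count, then one byte per selector. */
int read_selectors(struct decoder *d, const uint8_t *buf, size_t len)
{
    if (len < 2)
        return PARSE_DATA_ERROR;
    int n = ((buf[0] << 8) | buf[1]) & COUNT_FIELD_MAX;

    /* Reject the count before the first write. Checking only the lower
       bound here would let the loop below write past selector_mtf[]. */
    if (n < 1 || n > MAX_SELECTORS)
        return PARSE_DATA_ERROR;
    if (len - 2 < (size_t)n)          /* truncated input */
        return PARSE_DATA_ERROR;

    for (int i = 0; i < n; i++)
        d->selector_mtf[i] = buf[2 + i];
    d->n_selectors = n;
    return PARSE_OK;
}

/* Builds a constructed input that declares n selectors and parses it. */
int try_count(int n)
{
    static uint8_t input[2 + COUNT_FIELD_MAX];
    static struct decoder d;
    memset(input, 0, sizeof input);
    input[0] = (uint8_t)(n >> 8);
    input[1] = (uint8_t)(n & 0xFF);
    return read_selectors(&d, input, sizeof input);
}

int main(void) { return try_count(MAX_SELECTORS + 1) == PARSE_DATA_ERROR ? 0 : 1; }
```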