Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 18 Mar 2008 15:34:03 +0100
From: Robert Buchholz <>
Cc: "Steven M. Christey" <>
Subject: CVE request: bzip2 CERT-FI: 20469


CERT-FI: 20469 [1] was released yesterday, and with it a new bzip2 
release, quoting their CHANGES:

1.0.5 (10 Dec 07)
Security fix only.  Fixes CERT-FI 20469 as it applies to bzip2.

Reading the patch [2], it's missing a boundary check that can lead to an 
over-read on the tt/ll heap-buffer. I'd call this a DoS, did anyone 
else review?



Download attachment "signature.asc " of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.