Re: [SECURITY] [DLA 1833-2] bzip2 regression update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Sorry for the noise, but the fixed version in Jessie is:
   1.0.6-7+deb8u2


On Thu, 18 Jul 2019, Thorsten Alteholz wrote:

Package        : bzip2
Version        : 1.0.6-4+deb7u2
CVE ID         : CVE-2019-12900



The original fix for CVE-2019-12900 in bzip2, a high-quality
block-sorting file compressor, introduces regressions when extracting
certain lbzip2 files which were created with a buggy libzip2.
Please see https://bugs.debian.org/931278 for more information.


For Debian 8 "Jessie", this problem has been fixed in version
1.0.6-4+deb7u2.

We recommend that you upgrade your bzip2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

