Bug#853760: unblock: bzip2/1.0.6-8.1
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Hi
Please unblock package bzip2
Ben Hutchings fixed #827744 (CVE-2016-3189) for bzip2 via a NMU to
unstable. Could you please unblock bzip2 to have the fix included in
stretch.
Changelog:
>bzip2 (1.0.6-8.1) unstable; urgency=medium
>
> * Non-maintainer upload.
> * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
>
> -- Ben Hutchings <ben@decadent.org.uk> Sun, 29 Jan 2017 18:30:31 +0000
unblock bzip2/1.0.6-8.1
Attached is the debdiff against the version currently in testing.
Regards,
Salvatore
diff -Nru bzip2-1.0.6/debian/changelog bzip2-1.0.6/debian/changelog
--- bzip2-1.0.6/debian/changelog 2015-05-19 21:37:53.000000000 +0200
+++ bzip2-1.0.6/debian/changelog 2017-01-29 19:30:31.000000000 +0100
@@ -1,3 +1,10 @@
+bzip2 (1.0.6-8.1) unstable; urgency=medium
+
+ * Non-maintainer upload.
+ * bzip2recover: Fix potential use-after-free, Closes: #827744 (CVE-2016-3189)
+
+ -- Ben Hutchings <ben@decadent.org.uk> Sun, 29 Jan 2017 18:30:31 +0000
+
bzip2 (1.0.6-8) unstable; urgency=medium
* Remove Jorge Ernesto Guevara Cuenca from Uploaders, as agreed with him.
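Review bot: The new 1.0.6-8.1 entry at the top of this hunk names the bug and the CVE but not the file that carries the fix. Mentioning debian/patches/bzip2recover-CVE-2016-3189.patch in the bullet would let someone reading only the changelog find the change without opening the debdiff.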
diff -Nru bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch
--- bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 1970-01-01 01:00:00.000000000 +0100
+++ bzip2-1.0.6/debian/patches/bzip2recover-CVE-2016-3189.patch 2017-01-29 19:30:31.000000000 +0100
@@ -0,0 +1,17 @@
+Author: Jakub Martisko <jamartis@redhat.com>
+Date: Wed, 30 Mar 2016 10:22:27 +0200
+Description: bzip2recover: Fix potential use-after-free
+Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
+Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
+Bug-Debian: https://bugs.debian.org/827744
+
+--- a/bzip2recover.c
++++ b/bzip2recover.c
+@@ -472,6 +472,7 @@ Int32 main ( Int32 argc, Char** argv )
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;
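Review bot: The patch header's Description is a single line and does not say which later use of outFile the added `outFile = NULL;` guards against. In the inner hunk at bzip2recover.c line 472 the only call visible before it is `bsClose ( bsWr );`, so the link between closing bsWr and outFile becoming stale has to be taken on trust from these lines. Consider extending the Description with a sentence that states that link and where outFile is tested afterwards, and adding a Forwarded field next to Origin so the upstream status of the fix is recorded in the header.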
diff -Nru bzip2-1.0.6/debian/patches/series bzip2-1.0.6/debian/patches/series
--- bzip2-1.0.6/debian/patches/series 2014-07-26 17:46:24.000000000 +0200
+++ bzip2-1.0.6/debian/patches/series 2017-01-29 19:30:31.000000000 +0100
@@ -1,3 +1,4 @@
10-bzip2.1.patch
20-legacy.patch
30-bzip2-harden.patch
+bzip2recover-CVE-2016-3189.patch
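Review bot: The added series entry `bzip2recover-CVE-2016-3189.patch` drops the numeric prefix that the three existing entries use (10-, 20-, 30-). Patches are applied in series order regardless of file name, so this is cosmetic, but a prefixed name in the same style would keep a listing of debian/patches in application order.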