Bug 238843

Summary: bzip2: Merge recent upstream bugfixes incl. 3 security vulnerabilities
Product: Base System
Reporter: Kubilay Kocak <koobs>
Component: bin
Assignee: Xin LI <delphij>
Status: Closed FIXED
Severity: Affects Some People
CC: delphij, emaste, obrien, re
Priority: ---
Keywords: needs-qa, security
Version: CURRENT
Flags: delphij: mfc-stable12+, delphij: mfc-stable11+
Hardware: Any
OS: Any
URL: https://sourceware.org/git/?p=bzip2.git;a=log
See Also: https://bugzilla.redhat.com/show_bug.cgi?id=1319648
https://bugzilla.redhat.com/show_bug.cgi?id=226979
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238854

Description Kubilay Kocak freebsd_committer freebsd_triage 2019-06-27 10:15:01 UTC
Upstream recently committed several bugfixes including three security vulnerabilities (two with CVEs), and it appears a new release (likely 1.0.7) may also be imminent.

The 2 (actual) + 1 (potential) security vulnerabilities:

Make sure nSelectors is not out of range (CVE-2019-12900)
https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184

bzip2recover: Fix use after free issue with outFile. (CVE-2016-3189)
https://sourceware.org/git/?p=bzip2.git;a=commit;h=c1cdd98db3238cb711c7d9cdc5671452ce2822cb

bzip2recover: Fix buffer overflow for large argv[0].
https://sourceware.org/git/?p=bzip2.git;a=commit;h=833548edc0eb4af85ce8da193835f0f31a6c300f

CC re@ as we probably want this in 11.3-RELEASE

Comment 1 commit-hook freebsd_committer freebsd_triage 2019-06-28 01:54:38 UTC
A commit references this bug:

Author: delphij
Date: Fri Jun 28 01:53:35 UTC 2019
New revision: 349495
URL: https://svnweb.freebsd.org/changeset/base/349495

Log:
  Update upgrade instructions.

  PR:		238843

Changes:
  vendor/bzip2/FREEBSD-Xlist
  vendor/bzip2/FREEBSD-upgrade