Bug 238843 - bzip2: Merge recent upstream bugfixes incl. 3 security vulnerabilities
Summary: bzip2: Merge recent upstream bugfixes incl. 3 security vulnerabilities
Status: Closed FIXED
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Some People
Assignee: Xin LI
URL: https://sourceware.org/git/?p=bzip2.g...
Keywords: needs-qa, security
Depends on:
Blocks:
 
Reported: 2019-06-27 10:15 UTC by Kubilay Kocak
Modified: 2019-08-19 20:09 UTC (History)
4 users (show)

See Also:
delphij: mfc-stable12+
delphij: mfc-stable11+

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Kubilay Kocak freebsd_committer freebsd_triage 2019-06-27 10:15:01 UTC 
Upstream recently committed several bugfixes including three security vulnerabilities (two with CVE's), and it appears a new release (likely 1.0.7) may  also be imminent.

The 2 (actual) + 1 (potential) security vulnerabilities:

Make sure nSelectors is not out of range (CVE-2019-12900)
https://sourceware.org/git/?p=bzip2.git;a=commit;h=7ed62bfb46e87a9e878712603469440e6882b184

bzip2recover: Fix use after free issue with outFile. (CVE-2016-3189)
https://sourceware.org/git/?p=bzip2.git;a=commit;h=c1cdd98db3238cb711c7d9cdc5671452ce2822cb

bzip2recover: Fix buffer overflow for large argv[0].
https://sourceware.org/git/?p=bzip2.git;a=commit;h=833548edc0eb4af85ce8da193835f0f31a6c300f

CC re@ as we probably want this in 11.3-RELEASE
Comment 1 commit-hook freebsd_committer freebsd_triage 2019-06-28 01:54:38 UTC 
A commit references this bug:

Author: delphij
Date: Fri Jun 28 01:53:35 UTC 2019
New revision: 349495
URL: https://svnweb.freebsd.org/changeset/base/349495

Log:
  Update upgrade instructions.

  PR:		238843

Changes:
  vendor/bzip2/FREEBSD-Xlist
  vendor/bzip2/FREEBSD-upgrade