So there's a debatable regression in bzip2-1.0.7. It cannot uncompress some files from lbzip2, which worked fine with bzip2-1.0.6, because of the fix for CVE-2019-12900.
Bzip2-1.0.6 and before had a bug with unvalidated input, which a fuzzer found to lead to a buffer overflow.
However, those version seemed to work for lbzip2 files, which (arguably wrongly) were writing the input value larger than bzip2 expected.
https://gitlab.com/federicomenaquintero/bzip2/issues/24 - people who want to do code digging appreciated!
La red social del futuro: ¡Sin anuncios, sin vigilancia corporativa, diseño ético, y descentralización! ¡Sé dueño de tu información con Mastodon!