So there's a debatable regression in bzip2-1.0.7. It cannot uncompress some files from lbzip2, which worked fine with bzip2-1.0.6, because of the fix for CVE-2019-12900.
Bzip2-1.0.6 and before had a bug with unvalidated input, which a fuzzer found to lead to a buffer overflow.
However, those version seemed to work for lbzip2 files, which (arguably wrongly) were writing the input value larger than bzip2 expected.
https://gitlab.com/federicomenaquintero/bzip2/issues/24 - people who want to do code digging appreciated!
Mastodon es una red social basada en protocolos web abiertos y software libre y de código abierto. Está descentralizado como correo electrónico.