So there's a debatable regression in bzip2-1.0.7. It cannot uncompress some files from lbzip2, which worked fine with bzip2-1.0.6, because of the fix for CVE-2019-12900.

Bzip2-1.0.6 and before had a bug with unvalidated input, which a fuzzer found to lead to a buffer overflow.

However, those versions seemed to work for lbzip2 files, which (arguably wrongly) were writing the input value larger than bzip2 expected. People who want to do code digging appreciated!
