Seguir

So there's a debatable regression in bzip2-1.0.7. It cannot uncompress some files from lbzip2, which worked fine with bzip2-1.0.6, because of the fix for CVE-2019-12900.

Bzip2-1.0.6 and before had a bug with unvalidated input, which a fuzzer found to lead to a buffer overflow.

However, those version seemed to work for lbzip2 files, which (arguably wrongly) were writing the input value larger than bzip2 expected.

gitlab.com/federicomenaquinter - people who want to do code digging appreciated!

Regístrate para participar en la conversación
MaSToDoN.MX

Mastodon es una red social basada en protocolos web abiertos y software libre y de código abierto. Está descentralizado como correo electrónico.