FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bzip2 -- multiple issues

Affected packages
bzip2 < 1.0.7

Details

VuXML ID 4b6cb45d-881e-447a-a4e0-c97a954ea758
Discovery 2019-06-23
Entry 2019-06-30

bzip2 developers reports:

CVE-2016-3189 - Fix use-after-free in bzip2recover (Jakub Martisko)

CVE-2019-12900 - Detect out-of-range nSelectors in corrupted files (Albert Astals Cid). Found through fuzzing karchive.

References

CVE Name CVE-2016-3189
CVE Name CVE-2019-12900
URL https://bugzilla.redhat.com/show_bug.cgi?id=1319648
URL https://gitlab.com/federicomenaquintero/bzip2/blob/master/NEWS