Greetings, attached diff fixes CVE-2019-12900 (BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.) The vulnerability has a CVSS v3.0 score of 9.8 "CRITICAL".
It is essentially the patch from https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc Comments? Kind Regards, Henry
diff -urN archivers/bzip2/Makefile mystuff/archivers/bzip2/Makefile --- archivers/bzip2/Makefile Fri Aug 24 21:06:12 2018 +++ mystuff/archivers/bzip2/Makefile Mon Jun 24 15:37:39 2019 @@ -3,7 +3,7 @@ COMMENT= block-sorting file compressor, unencumbered DISTNAME= bzip2-1.0.6 -REVISION= 9 +REVISION= 10 CATEGORIES= archivers diff -urN archivers/bzip2/patches/patch-decompress_c mystuff/archivers/bzip2/patches/patch-decompress_c --- archivers/bzip2/patches/patch-decompress_c Thu Jan 1 01:00:00 1970 +++ mystuff/archivers/bzip2/patches/patch-decompress_c Mon Jun 24 15:50:00 2019 @@ -0,0 +1,12 @@ +Index: decompress.c +--- decompress.c.orig ++++ decompress.c +@@ -287,7 +287,7 @@ Int32 BZ2_decompress ( DState* s ) + GET_BITS(BZ_X_SELECTOR_1, nGroups, 3); + if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR); + GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15); +- if (nSelectors < 1) RETURN(BZ_DATA_ERROR); ++ if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR); + for (i = 0; i < nSelectors; i++) { + j = 0; + while (True) {