Launchpad has imported 14 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=213820.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-03-18T12:30:45+00:00 hanno wrote: CERT-FI did a fuzzing tool test and discovered issues in various archiving tools. bzip2 is vulnerable, fixed in 1.0.5. This code is probably bundled in some other packages. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/0 ------------------------------------------------------------------------ On 2008-03-18T13:38:19+00:00 vapier wrote: ive added 1.0.5 to the tree ... now if only they didnt screw up the packaging of it ... Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/1 ------------------------------------------------------------------------ On 2008-03-18T13:47:14+00:00 rbu wrote: Arches, please test and mark stable: =app-arch/bzip2-1.0.5 Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86" Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/2 ------------------------------------------------------------------------ On 2008-03-18T14:16:44+00:00 rbu wrote: Created attachment 146488 bzip2-CERT-FI-20469.patch Just for reference, the patch. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/3 ------------------------------------------------------------------------ On 2008-03-18T16:31:22+00:00 fmccor wrote: Sparc stable. All tests pass, it works on my files, and portage can use it. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/4 ------------------------------------------------------------------------ On 2008-03-18T17:17:26+00:00 jer wrote: (In reply to comment #4) > Sparc stable. All tests pass, it works on my files, and portage can use it. That's odd. Ferris forgot to mark the ebuild. So er, stable for HPPA and SPARC then. :) Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/5 ------------------------------------------------------------------------ On 2008-03-18T18:28:17+00:00 dertobi123 wrote: ppc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/6 ------------------------------------------------------------------------ On 2008-03-18T18:30:32+00:00 armin76 wrote: alpha/ia64/x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/7 ------------------------------------------------------------------------ On 2008-03-19T00:34:46+00:00 beandog wrote: amd64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/8 ------------------------------------------------------------------------ On 2008-03-19T01:58:29+00:00 rhill wrote: there's no need to cc mips on security stabilization bugs. we're ~arch only. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/9 ------------------------------------------------------------------------ On 2008-03-19T19:00:37+00:00 corsair wrote: ppc64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/11 ------------------------------------------------------------------------ On 2008-03-19T20:53:31+00:00 pva wrote: Fixed in release snapshot. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/13 ------------------------------------------------------------------------ On 2008-03-21T02:17:53+00:00 rbu wrote: request filed Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/14 ------------------------------------------------------------------------ On 2008-04-02T21:31:43+00:00 py wrote: GLSA 200804-02 Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/16 -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to bzip2 in Ubuntu. https://bugs.launchpad.net/bugs/203997 Title: new upstream release 1.05 with security fix Status in bzip2 package in Ubuntu: Fix Released Status in bzip2 package in Arch Linux: Fix Released Status in bzip2 package in Gentoo Linux: Fix Released Status in bzip2 package in Mandriva: Unknown Bug description: Binary package hint: bzip2 The current version is 1.0.5, released 17 March 2008. Version 1.0.5 removes a potential security vulnerability (CERT-FI 20469 as it applies to bzip2) in versions 1.0.4 and earlier, so all users are recommended to upgrade immediately. https://www.cert.fi/haavoittuvuudet/joint-advisory-archive- formats.html CHANGES: 1.0.5 (10 Dec 07) ~~~~~~~~~~~~~~~~~ Security fix only. Fixes CERT-FI 20469 as it applies to bzip2. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp