Source: bzip2
Version: 1.0.6-9.1
Severity: normal
Tags: upstream
Forwarded: https://gitlab.com/federicomenaquintero/bzip2/issues/24

The fix for CVE-2019-12900 means that some lbzip2 compressed files cannot be uncompressed anymore. There was a bug in libzip2 which got fixed, but files produced before this fix could cause the issue.

There is upstream discussion on whether that should actually be fixed past the CVE fix, because files produced by broken lbzip2 could cause memory corruption in bzip2. The fix for the CVE is actually correct. But OTOH, if something can be done to work around those issues, then it might be applied.

For now filing the bug for tracking and to see further development. There is a WIP patch.

Regards,
Salvatore

[0] https://gitlab.com/federicomenaquintero/bzip2/issues/24
[1] https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/1834494