Source: bzip2
Version: 1.0.8-6
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Control: found -1 1.0.8-5

Hi,

The following vulnerability was published for bzip2.

CVE-2026-42250[0]:
| bzip2 contains an off‑by‑one error in the bzip2recover utility. When
| processing a specially crafted file, the application performs an
| out‑of‑bounds write to a global buffer, resulting in memory
| corruption and a crash (denial of service). This issue was fixed in
| bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-42250
    https://www.cve.org/CVERecord?id=CVE-2026-42250
[1] https://inbox.sourceware.org/bzip2-devel/[email protected]/
[2] https://sourceware.org/cgit/bzip2/commit/?id=35d122a3df8b0cc4082a4d89fdc6ee99f375fe67

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

