[Bug 203997] Re: new upstream release 1.05 with security fix
Launchpad has imported 14 comments from the remote bug at https://bugs.gentoo.org/show_bug.cgi?id=213820. If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. On 2008-03-18T12:30:45+00:00 hanno wrote: CERT-FI did a fuzzing tool test and discovered issues in various archiving tools. bzip2 is vulnerable, fixed in 1.0.5. This code is probably bundled in some other packages. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/0 On 2008-03-18T13:38:19+00:00 vapier wrote: ive added 1.0.5 to the tree ... now if only they didnt screw up the packaging of it ... Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/1 On 2008-03-18T13:47:14+00:00 rbu wrote: Arches, please test and mark stable: =app-arch/bzip2-1.0.5 Target keywords : "alpha amd64 arm hppa ia64 m68k mips ppc ppc64 release s390 sh sparc x86" Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/2 On 2008-03-18T14:16:44+00:00 rbu wrote: Created attachment 146488 bzip2-CERT-FI-20469.patch Just for reference, the patch. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/3 On 2008-03-18T16:31:22+00:00 fmccor wrote: Sparc stable. All tests pass, it works on my files, and portage can use it. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/4 On 2008-03-18T17:17:26+00:00 jer wrote: (In reply to comment #4) > Sparc stable. All tests pass, it works on my files, and portage can use it. That's odd. Ferris forgot to mark the ebuild. So er, stable for HPPA and SPARC then. :) Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/5 On 2008-03-18T18:28:17+00:00 dertobi123 wrote: ppc stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/6 On 2008-03-18T18:30:32+00:00 armin76 wrote: alpha/ia64/x86 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/7 On 2008-03-19T00:34:46+00:00 beandog wrote: amd64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/8 On 2008-03-19T01:58:29+00:00 rhill wrote: there's no need to cc mips on security stabilization bugs. we're ~arch only. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/9 On 2008-03-19T19:00:37+00:00 corsair wrote: ppc64 stable Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/11 On 2008-03-19T20:53:31+00:00 pva wrote: Fixed in release snapshot. Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/13 On 2008-03-21T02:17:53+00:00 rbu wrote: request filed Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/14 On 2008-04-02T21:31:43+00:00 py wrote: GLSA 200804-02 Reply at: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/comments/16 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/203997 Title: new upstream release 1.05 with security fix To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/bzip2/+bug/203997/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Changed in: bzip2 (Gentoo Linux) Importance: Unknown = Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/203997 Title: new upstream release 1.05 with security fix -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Changed in: bzip2 (Arch Linux) Status: In Progress = Fix Released -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Also affects: bzip2 (Arch Linux) Importance: Undecided Status: New ** Changed in: bzip2 (Arch Linux) Status: New = In Progress -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Changed in: bzip2 (Gentoo Linux) Status: Confirmed = Fix Released -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Bug watch added: Mandriva Linux #39069 http://qa.mandriva.com/show_bug.cgi?id=39069 ** Also affects: bzip2 (Mandriva) via http://qa.mandriva.com/show_bug.cgi?id=39069 Importance: Unknown Status: Unknown -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Bug watch added: Gentoo Bugzilla #213820 http://bugs.gentoo.org/show_bug.cgi?id=213820 ** Also affects: bzip2 (Gentoo Linux) via http://bugs.gentoo.org/show_bug.cgi?id=213820 Importance: Unknown Status: Unknown -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
** Changed in: bzip2 (Gentoo Linux) Status: Unknown = Confirmed -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
This has been released as: http://www.ubuntu.com/usn/usn-590-1 ** Changed in: bzip2 (Ubuntu) Status: Confirmed = Fix Released -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 203997] Re: new upstream release 1.05 with security fix
CVE-2008-1372 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2008-1372 ** Changed in: bzip2 (Ubuntu) Importance: Undecided = Low Assignee: (unassigned) = Kees Cook (keescook) Status: New = Confirmed -- new upstream release 1.05 with security fix https://bugs.launchpad.net/bugs/203997 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs