AVG-4

Package bzip2
Status Fixed
Severity Low
Type denial of service
Affected 1.0.6-5
Fixed 1.0.6-6
Current 1.0.6-7 [core]
Ticket None
Created Sun Sep 18 15:55:06 2016
Issue Severity Remote Type Description
CVE-2016-3189 Low No Denial of service
A use-after-free flaw was found in bzip2recover, leading to a null pointer dereference, or a write to a closed file descriptor. An attacker could use this...
Date Advisory Package Description
22 Feb 2017 ASA-201702-19 bzip2 denial of service
References
https://bugzilla.redhat.com/show_bug.cgi?id=1319648
Notes
It was fixed here: https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bzip2&id=93437a268741fb937166b84662ce4429e8adba66
By integrating this patch: https://bugzilla.redhat.com/attachment.cgi?id=1169843