-
bzip2 (1.0.5-6ubuntu1.11.04.1) natty-security; urgency=low
* SECURITY UPDATE: Fix temporary file creation race condition
- bzexe: Ensure link target is a regular file. Patch from vladz.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=632862#5
- CVE-2011-4089
-- Tyler Hicks <email address hidden> Mon, 12 Dec 2011 11:32:00 -0600
-
bzip2 (1.0.5-6ubuntu1) natty; urgency=low
* lib32bz2-1.0 only pre-depends on libc6-i386 on amd64; that
pre-dependency is nonsensical on ppc64.
-- Colin Watson <email address hidden> Sun, 20 Feb 2011 15:55:37 +0000
-
bzip2 (1.0.5-6) unstable; urgency=high
* Fix integer overflow
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
http://www.debian.org/security/2010/dsa-2112
Closes: 597585
bzip2 (1.0.5-5) unstable; urgency=low
* Provide missing symlinks in lib32bz2-1.0 and lib64bz2-1.0
Patch by Michael Gilbert
Closes: 594733
-- Artur Rona <email address hidden> Fri, 22 Oct 2010 15:29:42 +0000
-
bzip2 (1.0.5-4ubuntu1) maverick; urgency=low
* SECURITY UPDATE: fix integer overflow in BZ2_decompress()
- decompress.c: return error if N is larger than 2*1024^2 which keeps es
from overflowing but leaves enough room for the 900k maximum value of
the RUNA/RUNB encoding
- patch from upstream
- CVE-2010-0405
-- Jamie Strandboge <email address hidden> Thu, 09 Sep 2010 08:44:45 -0500