oss-sec mailing list archives
Re: CVE request: bzip2 CERT-FI: 20469
From: Josh Bressers <bressers () redhat com>
Date: Wed, 19 Mar 2008 20:54:15 -0400
I'm running version 1.0.4 through the bzip2 files now (it takes a long time to run, there are a lot of files). If I find the reproducer, I'll let you know. I saw no crashes when I ran the CERT-FI suite over bzip2 versions 1.0.1, 1.0.2, and 1.0.3.
I mailed upstream, the file we want is 1203ea663ea8545c9b66ad3ef46425d0.bz2
The problem I had with my testrunner is that the bunzip2 has a segfault
handler. Rather that properly segfaulting, it's doing an exit(2). I'm
going to rerun the suite with this new knowledge now to see what's affected
and how.
--
JB
Current thread:
- CVE request: bzip2 CERT-FI: 20469 Robert Buchholz (Mar 18)
- Re: CVE request: bzip2 CERT-FI: 20469 Josh Bressers (Mar 18)
- Re: CVE request: bzip2 CERT-FI: 20469 Steven M. Christey (Mar 18)
- Re: CVE request: bzip2 CERT-FI: 20469 Josh Bressers (Mar 19)
- Re: CVE request: bzip2 CERT-FI: 20469 Josh Bressers (Mar 18)