[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: bzip2 CERT-FI: 20469
From:       Josh Bressers <bressers () redhat ! com>
Date:       2008-03-20 0:54:15
Message-ID: 23284.1205974455 () devserv ! devel ! redhat ! com
[Download RAW message or body]

> 
> I'm running version 1.0.4 through the bzip2 files now (it takes a long time
> to run, there are a lot of files).  If I find the reproducer, I'll let you
> know.
> 
> I saw no crashes when I ran the CERT-FI suite over bzip2 versions 1.0.1,
> 1.0.2, and 1.0.3.
> 

I mailed upstream, the file we want is 1203ea663ea8545c9b66ad3ef46425d0.bz2

The problem I had with my testrunner is that the bunzip2 has a segfault
handler.  Rather that properly segfaulting, it's doing an exit(2).  I'm
going to rerun the suite with this new knowledge now to see what's affected
and how.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]