Package: bzip2 / 1.0.6-9

bzip2recover-CVE-2016-3189.patch Patch series | download
Author: Jakub Martisko <jamartis@redhat.com>
Date: Wed, 30 Mar 2016 10:22:27 +0200
Description: bzip2recover: Fix potential use-after-free
Origin: https://bugzilla.redhat.com/attachment.cgi?id=1169843&action=edit
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2016-3189
Bug-Debian: https://bugs.debian.org/827744

--- a/bzip2recover.c
+++ b/bzip2recover.c
@@ -472,6 +472,7 @@
             bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
             bsPutUInt32 ( bsWr, blockCRC );
             bsClose ( bsWr );
+            outFile = NULL;
          }
          if (wrBlock >= rbCtr) break;
          wrBlock++;
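Review bot: The added `outFile = NULL;` after `bsClose ( bsWr );` resets the guard variable but leaves `bsWr` itself holding the pointer that was just closed, and nothing on the line explains why a file pointer is cleared at this point. Judging by the commit description, `bsClose` presumably releases the stream and the rest of the loop tests `outFile != NULL` before writing through `bsWr`; that code, and the start and end of the enclosing block, are outside the hunk. I would clear both together, adding `bsWr = NULL;` next to the new line with a comment such as `/* stream released by bsClose; clear both so later writes are skipped */`. A later edit that checks the wrong variable would then fail on a null pointer rather than write through released memory.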