From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bzip2-devel-return-23-listarch-bzip2-devel=sourceware.org@sourceware.org>
Received: (qmail 42250 invoked by alias); 27 Jun 2019 18:54:12 -0000
Mailing-List: contact bzip2-devel-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Post: <mailto:bzip2-devel@sourceware.org>
List-Help: <mailto:bzip2-devel-help@sourceware.org>
List-Subscribe: <mailto:bzip2-devel-subscribe@sourceware.org>
List-Id: <bzip2-devel.sourceware.org>
Sender: bzip2-devel-owner@sourceware.org
Received: (qmail 42239 invoked by uid 89); 27 Jun 2019 18:54:12 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Checked: by ClamAV 0.100.3 on sourceware.org
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-6.3 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1 spammy=HX-Languages-Length:930, his
X-Spam-Status: No, score=-6.3 required=5.0 tests=AWL,BAYES_00,SPF_PASS autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on sourceware.org
X-Spam-Level: 
X-HELO: gnu.wildebeest.org
Message-ID: <b8aab785a67113e4f50c54a6cb59129c11f805b6.camel@klomp.org>
Subject: bzip2 1.0.7 released
From: Mark Wielaard <mark@klomp.org>
To: bzip2-devel@sourceware.org
Cc: lwn@lwn.net, Julian Seward <jseward@acm.org>
Date: Tue, 01 Jan 2019 00:00:00 -0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Evolution 3.28.5 (3.28.5-2.el7) 
Mime-Version: 1.0
X-Spam-Flag: NO
X-SW-Source: 2019-q2/txt/msg00022.txt.bz2

We are happy to announce the release of bzip2 1.0.7.

This is an emergency release because the old bzip2 home
is gone and there were outstanding security issues.
The original bzip2 home, downloads and documentation
can now be found at: https://sourceware.org/bzip2/

bzip2 1.0.7 contains only the following bug/security fixes:

* Fix undefined behavior in the macros SET_BH, CLEAR_BH, & ISSET_BH
* bzip2: Fix return value when combining --test,-t and -q.
* bzip2recover: Fix buffer overflow for large argv[0]
* bzip2recover: Fix use after free issue with outFile (CVE-2016-3189)
* Make sure nSelectors is not out of range (CVE-2019-12900)

A future 1.1.x release is being prepared by Federico Mena Quintero
which will include more fixes, an updated build system and possibly
an updated SONAME default.

Please read his blog for more background on this:
https://people.gnome.org/~federico/blog/tag/bzip2.html