Path to this page:
Subject: CVS commit: pkgsrc/archivers/bzip2
From: Lubomir Sedlacik
Date: 2005-05-26 17:03:11
Message id: 20050526150311.8569D2DA27@cvs.netbsd.org
Log Message:
Security update to version 1.0.3
- Further robustification against corrupted compressed data.
There are currently no known bitstreams which can cause the
decompressor to crash, loop or access memory which does not
belong to it. If you are using bzip2 or the library to
decompress bitstreams from untrusted sources, an upgrade
to 1.0.3 is recommended.
http://scary.beasts.org/security/CESA-2005-002.txt
- The documentation has been converted to XML, from which html
and pdf can be derived.
- Various minor bugs in the documentation have been fixed.
- Fixes for various compilation warnings with newer versions of
gcc, and on 64-bit platforms.
- The BZ_NO_STDIO cpp symbol was not properly observed in 1.0.2.
This has been fixed.
Files: