Updating bzip2 to remove potential security vulnerability

Bruce Cran bruce at cran.org.uk
Fri Oct 1 22:16:21 UTC 2010

On Fri, 1 Oct 2010 17:49:29 -0400
Jerry <freebsd.user at seibercom.net> wrote:

> OK, I just updated my sources; however, this notation from the
> UPDATING file does NOT appear in the UPDATING file on my machine:
> 20100920:	p1	FreeBSD-SA-10:08.bzip2
> 	Fix an integer overflow in RLE length parsing when
> decompressing corrupt bzip2 data.
> I am using this as the tag, which is probably incorrect.
> default release=cvs tag=RELENG_8
> This is the stock standard-supfile. The stock stable-supfile has the
> same tag.

Sorry, it seems stable/8 UPDATING hasn't been updated. Instead, check
that you have rev of contrib/bzip2/decompress.c .

I guess that since -stable isn't a release branch that it
doesn't get security issues logged in UPDATING?


More information about the freebsd-questions mailing list