commit | c1cdd98db3238cb711c7d9cdc5671452ce2822cb | [log] [tgz] |
---|---|---|
author | Mark Wielaard <mark@klomp.org> | Mon Jun 24 00:45:32 2019 +0200 |
committer | Mark Wielaard <mark@klomp.org> | Mon Jun 24 00:58:47 2019 +0200 |
tree | ab84c05bb15b96f655c1914a9907a38c4d76f0fe | |
parent | 833548edc0eb4af85ce8da193835f0f31a6c300f [diff] |
bzip2recover: Fix use after free issue with outFile. bzip2recover.c (main): Make sure to set outFile to NULL when done. This was reported as CVE-2016-3189 and found in multiple distributions. https://seclists.org/oss-sec/2016/q2/568 Some more analysis can be found in: https://bugzilla.redhat.com/show_bug.cgi?id=1319648