bugged bzip2?

John B Brown jbb at vcn.com
Sun Oct 24 20:46:38 PDT 2010



Ryan Schmidt wrote:
> On Oct 24, 2010, at 21:01, John B Brown wrote:
> 
>>              bzip2       : bugged (CVE-2010-0405)
> 
>> 	This is the tail end of the compile. Exactly what is there about the bzip2 file installed by port that would cause that complaint from a virus detector?
> 
> Well, they are referring to this CVE:
> 
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0405
> 
> Versions of bzip2 before 1.0.6 had an integer overflow. Have you updated to bzip2 1.0.6? If so, you should no longer have that vulnerability.
> 
> 
> 

	The version in /opt/local/bin is 1.0.6, installed with texlive. There 
is another bzip2 in /user/bin which is version 1.0.5. It was put there 
with the latest combined Apple update, Mac OS 10.6.4. I'll just use rm 
on it. That should fix my "bug" problems with bzip2.

	It's nice that the xcode compiler found that, or the source code was 
set up to look for it. It's too bad the folk at Apple didn't use the 
later version of bzip2 in their update load.

	Shalom,

	John B. Brown.
	[jbb at vcn.com]
	358 High Street,
	Buffalo, Wyoming
	82834

"Freedom is not worth having if it does not include
the freedom to make mistakes"  Mahatma Gandhi
"If any question why we died, tell them,
because our fathers lied."  Rudyard Kipling
"A man who does not know the truth is just an idiot
but a man who knows the truth and calls it a lie
is a crook."  Bertolt Brecht
"I wonder whether the world is being run
by smart people who are putting us on
or by imbeciles who really mean it."  Mark Twain

1-307-684-9068
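
Added example, not part of the original message or of MacPorts: a shell audit for the situation in this thread, where more than one bzip2 is installed and only some copies are at 1.0.6, the release the thread gives as fixing CVE-2010-0405. It assumes the first line of the help banner contains "Version X.Y.Z"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report every bzip2 on PATH and whether it predates 1.0.6.

FIXED="1.0.6"   # first fixed release, as stated in the thread

# parse_version: read a banner on stdin, print the first "X.Y.Z" after "Version".
# Assumption: banner looks like "bzip2, a block-sorting file compressor.  Version 1.0.6, ..."
parse_version() {
    sed -n 's/.*Version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' | head -n 1
}

# version_lt A B: succeed only when dotted version A is strictly older than B.
version_lt() {
    [ "$1" = "$2" ] && return 1
    oldest=$(printf '%s\n%s\n' "$1" "$2" | sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$oldest" = "$1" ]
}

# classify BANNER: print "vulnerable X.Y.Z", "fixed X.Y.Z" or "unknown".
classify() {
    v=$(printf '%s\n' "$1" | parse_version)
    if [ -z "$v" ]; then
        echo "unknown"
    elif version_lt "$v" "$FIXED"; then
        echo "vulnerable $v"
    else
        echo "fixed $v"
    fi
}

# audit_path: check each PATH directory, not just the first bzip2 the shell finds.
audit_path() {
    old_ifs=$IFS; IFS=:
    for dir in $PATH; do
        [ -x "$dir/bzip2" ] || continue
        # --help prints the banner and exits; stdin is closed off so nothing is compressed.
        banner=$("$dir/bzip2" --help 2>&1 </dev/null | head -n 1)
        printf '%s: %s\n' "$dir/bzip2" "$(classify "$banner")"
    done
    IFS=$old_ifs
}

audit_path
```

This only reads the banner of the command-line binaries; the flaw is in the libbz2 decompression code, so programs linked against an older libbz2 are not covered by this check.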


More information about the macports-users mailing list