Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Wed, 19 Mar 2008 20:54:15 -0400
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
cc: Robert Buchholz <rbu@...too.org>
Subject: Re: CVE request: bzip2 CERT-FI: 20469

> 
> I'm running version 1.0.4 through the bzip2 files now (it takes a long time
> to run, there are a lot of files).  If I find the reproducer, I'll let you
> know.
> 
> I saw no crashes when I ran the CERT-FI suite over bzip2 versions 1.0.1,
> 1.0.2, and 1.0.3.
> 

I mailed upstream, the file we want is 1203ea663ea8545c9b66ad3ef46425d0.bz2

The problem I had with my testrunner is that the bunzip2 has a segfault
handler.  Rather that properly segfaulting, it's doing an exit(2).  I'm
going to rerun the suite with this new knowledge now to see what's affected
and how.

-- 
    JB

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux