Re: NetBSD's libbz2 affected by this?

[David Huang <khym%azeotrope.org@localhost>]

On Mar 22, 2008, at 10:04 PM, Jonathan Schleifer wrote:

> Just wanted to remind that this is still unfixed, hell, it's not even
> mentioned on the NetBSD security page! It should at least be mentioned
> there since it possibly allows arbitrary code execution! And there  
> are a
> _LOT_ of apps there that use bzip2, it's even used in networking
> applications, which means a remote attacker could take control over  
> the
> user that runs the app! Apps like GnuPG use it, rendering them totally
> useless if private keys can be stolen through this bug!
> It seems like nobody of the devs cares, but this is URGENT! The bug is
> known for too long now and it is assumed that arbitrary code execution
> is likely, it won't take long until someone succeeds in exploiting  
> it if
> it allows arbitrary code execution!

In what was is it unfixed? Two people replied to your original post  
saying that it has been fixed:
http://mail-index.netbsd.org/netbsd-users/2008/03/18/msg000397.html
http://mail-index.netbsd.org/netbsd-users/2008/03/19/msg000400.html

--
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym%azeotrope.org@localhost |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 31 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA 
+ PL++