just forwarding a bug that we've fixed in Gentoo ... summary: BZ2_bzclose fails to perform a NULL pointer check before actually using the passed BZFILE * argument. The NULL check *is* performed but only after the argument is used for the first time, resulting in a potential NULL pointer dereference. patch: http://www.gentoo.org/cgi-bin/viewcvs.cgi/*checkout*/app-arch/bzip2/files/bzip2-1.0.2-NULL-ptr-check.patch?rev=1.1 path author: Mihai Limbasan <mihailim>
Hello, thank you for your notic, attached patch was used in the last version of bzip2 (bzip2-1.0.3-1).