+++ This bug was initially created as a clone of Bug #157057 +++ Whilst playing with "random bitflipping" technology, an effective decompression bomb attack against bzip2 was identified. bzip2 can be made to decompress into a file indefinitely when it encounters a suitably corrupt bzip2 archive. Demo bz2 archive: http://scary.beasts.org/security/d5d5466da311d907/bomb.bz2 Fixed in 1.0.3. No disclosure date yet.
Removing security flag & This bug duplicates bug 158801. Should be closed DUPLICATE.
*** This bug has been marked as a duplicate of 158801 ***