Chris Evans discovered a denial of service issue in bzip2.
This issue has been fixed in bzip2 1.0.3, but it's not well known yet. I'm
going to keep this bug private until chris makes his advisory public.
This issue also affects RHEL2.1 and RHEL3
Created attachment 114301 [details]
This patch contains the important bits between 1.0.2 and 1.0.3.
Created attachment 115129 [details]
This is no longer embargoed.
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.