Potential Vulnerability in Cloned Code #575

Open
tabudz wants to merge 1 commit from tabudz/CVE-2019-12900 into main
tabudz commented 2026-03-04 10:30:52 -05:00 (Migrated from github.com)

Summary

Our tool detected a potential vulnerability in u-boot-2021.10/lib/bzip2/bzlib_decompress.c which was cloned from federicomenaquintero/bzip2 but did not receive the security patch applied. The original issue was reported and fixed under https://nvd.nist.gov/vuln/detail/cve-2019-12900.

Proposed Fix

Apply the same patch as the one in federicomenaquintero/bzip2 to eliminate the vulnerability.

Reference

https://nvd.nist.gov/vuln/detail/cve-2019-12900
https://gitlab.com/federicomenaquintero/bzip2/-/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

Pull request reference: maxpeterkaya/LicheeRV-Nano-Build!575