A vulnerability has been fixed in bzip2, a high-quality block-sorting file compressor. CVE-2019-12900 is a out-of-bounds write when using a crafted compressed file.
This vulnerability was fixed in Debian Jessie, with bzip2 version 1.0.6-4+deb7u1
For Debian 9 stretch, these problems have been fixed in version 1.0.6-8.1+deb9u1.
We recommend that you upgrade your bzip2 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.