--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/bzip2/patches/CVE-2016-3189.patch Tue Jun 21 14:30:52 2016 -0700
@@ -0,0 +1,18 @@
+Fix for CVE-2016-3189.
+
+For more details see:
+
+https://bugzilla.redhat.com/show_bug.cgi?id=1319648
+
+Fix is already known upstream.
+
+--- bzip2-1.0.6/bzip2recover.c.orig 2016-06-20 14:21:27.313740691 -0700
++++ bzip2-1.0.6/bzip2recover.c 2016-06-20 14:22:04.258099956 -0700
+@@ -457,6 +457,7 @@
+ bsPutUChar ( bsWr, 0x50 ); bsPutUChar ( bsWr, 0x90 );
+ bsPutUInt32 ( bsWr, blockCRC );
+ bsClose ( bsWr );
++ outFile = NULL;
+ }
+ if (wrBlock >= rbCtr) break;
+ wrBlock++;