See the upstream discussion on the bzip2-devel mailinglist: https://sourceware.org/ml/bzip2-devel/2019-q2/msg00024.html
In particular this workaround patch for some (buggy lbzip2 compressed) files that bzip2 1.0.6 could decompress, but 1.0.7 (with the CVE-2019- 12900 hardening patch) cannot: https://sourceware.org/ml/bzip2-devel/2019-q2/msg00031.html Testing and feedback appreciated.
